VMware Security Advisory - Updated Tomcat and JRE security updates have been issued for VirtualCenter 2.0.2, ESX Server 3.0.2, and ESX 3.0.1.
d70ad50277bcd17773dae218bfe21840a7f7e10fd23649fa024d2109224a5aa9
VMware Security Advisory - VMware vCenter and ESX update release and vMA patch release address multiple security issues in third party components. And by multiple, VMware means 93 issues. And by issues, VMware means vulnerabilities.
101173f9f91a1f7594cf27ac8b0a52a7e9ab1d79d792e24aa5854aaa771f163d
VMware Security Advisory - VMware hosted products and ESX patches resolve two security issues.
8a6dabf23ceea7040d69ab75fbd444328ec53f5a0c451789e2a8b710ca4322bc
VMware Security Advisory - VMware ESX patches for DHCP, Service Console kernel, and JRE resolve multiple security issues. And by multiple, we mean a very, very, very large number of issues.
c2c6048aa6cecef0b2620603adc69c5932ea002bec08689597fb8904eaaf2bfa
VMware Security Advisory - VMware Fusion 2.0.6 addresses a denial of service and code execution vulnerability.
e42d079c45012fa881f28c5390bdad571e98c1894d430ba2e284b282a444a287
VMware Security Advisory - Several security issues are resolved with the latest VMnc codec. Affected are VMware Movie Decoder, VMware Workstation, VMware Player, and VMware ACE.
dd5696c1d34d1408df31d1ca016b4f3885fb1dbc2e002879fa1d594acc1f3087
VMware Security Advisory - VMware Studio 2.0 resolves a directory traversal vulnerability that was present in the VMware Studio 2.0 public beta.
769993865c97b27b900b5a47a848f58d203e7f88393f4bdce055b9f540ff9159
VMware Security Advisory - Several flaws were discovered in the way the third party library libpng handled uninitialized pointers. An attacker could create a PNG image file in such a way that, when loaded by an application linked to libpng, it could cause the application to crash or execute arbitrary code at the privilege level of the user that runs the application. The new version of ACE updates the Apache HTTP Server on Windows hosts to version 2.0.63, which addresses multiple security issues that existed in the previous versions of this server.
fa25255a1fe8dc51e8b60d69060b437dd5c2bb2ea3ba80fcabeb503621483800
VMware Security Advisory - A vulnerability in the udev program did not verify whether a NETLINK message originates from kernel space, which allows local users to gain privileges by sending a NETLINK message from user space. Sudo versions 1.6.9p17 through 1.6.9p19 do not properly interpret a system group in the sudoers file during authorization decisions for a user who belongs to that group, which might allow local users to leverage an applicable sudoers file and gain root privileges by using a sudo command. The redirect implementation in curl and libcurl 5.11 through 7.19.3, when CURLOPT_FOLLOWLOCATION is enabled, accepts arbitrary Location values, which might allow remote HTTP servers to trigger arbitrary requests to intranet servers, read or overwrite arbitrary files by using a redirect to a file: URL, or execute arbitrary commands by using a redirect to an scp: URL.
759e7d969ae9dbcf95da34e7d98cb345a45a4ba05ec0e0d5f59318f5305afec4
VMware Security Advisory - An input validation flaw in the asn1_decode_generaltime function in MIT Kerberos 5 before 1.6.4 allows remote attackers to cause a denial of service or possibly execute arbitrary code via vectors involving an invalid DER encoding that triggers a free of an uninitialized pointer.
e109e18e41b40196e0d8522ebb8cb0eb6a3c6ead5745495b47f1cb7c4dec62ed
VMware Security Advisory - VMware Hosted products and ESX and ESXi patches resolve a security issue. Update patch 13 for ESX 2.5.5 updates the libpng Service Console RPM.
203a590a4bdbe48adceffe110e8cd59465f46fb0e57d0752d412221afaa50075
VMware Security Advisory - Updated VMware Hosted products and patches for ESX and ESXi resolve a critical security vulnerability. A critical vulnerability in the virtual machine display function might allow a guest operating system to run code on the host.
ded0d04acbe4c8b889c0e5575d735098c83e86bfdfa2bfcf6b60809b3bf1577e
VMware Security Advisory - Updated VMware Hosted products, VI Client and patches for ESX and ESXi resolve multiple security issues.
69d3c63671df094fb6e8d8612166baec58e5df05c421660a5e43b54c2f056969
VMware Security Advisory - ESX patches for OpenSSL, vim and bind resolve several security issues. OpenSSL 0.9.7a-33.24 and earlier does not properly check the return value from the EVP_VerifyFinal function, which could allow a remote attacker to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys. A flaw was discovered in the way Berkeley Internet Name Domain (BIND) checked the return value of the OpenSSL DSA_do_verify function. On systems using DNSSEC, a malicious zone could present a malformed DSA certificate and bypass proper certificate validation, allowing spoofing attacks. Various vulnerabilities were discovered in vim such as format string issues and input validation problems.
6cb3c24c65b6ce75a60be81d773ffe92365d8866329c83302255f5fa55cec7f1
VMware Security Advisory - A heap-based buffer overflow was discovered in the way ed, the GNU line editor, processed long file names. An attacker could create a file with a specially-crafted name that could possibly execute arbitrary code when opened in the ed editor.
e543e4b89812eead2fd7b1d444b7c2ef8891ecc6969a7a5e7ee04258d84bc0f0
VMware Security Advisory - Update for VirtualCenter updates the Tomcat package to version 5.5.27 which addresses multiple security issues that existed in the previous version of Apache Tomcat.
c355b6e2f3962839d0823d64d74f68d14bbda56c666d5663b4c909775faa2654
VMware Security Advisory - Updated ESX patches address an issue loading corrupt virtual disks and update Service Console packages for net-snmp and libxml2.
0e7b91107741d71e6675c0f2c159e51f653f073c37b9efdcb9785268746062c4
VMware Security Advisory - VMware Hosted products and patches for ESX and ESXi resolve a critical security issue and update bzip2.
31c6abc34ab54b63be1f222d1e69ab8c92a9f8ac0630c89314450bdf34c106c2
VMware Security Advisory - VMware Hosted products and patches for ESX and ESXi resolve multiple security issues. A flaw in the CPU hardware emulation may allow for a privilege escalation on virtual machine guest operating systems. In addition a directory traversal issue is resolved.
a2cc4fb617dd573bde38a03b8b1f2ca7106b716cdac17f5f3c3c96573df9e5c2
VMware Security Advisory - A denial of service flaw was found in the way libxml2 processes certain content. If an application that is linked against libxml2 processes malformed XML content, the XML content might cause the application to stop responding. A flaw was found in the way ucd-snmp checks an SNMPv3 packet's Keyed-Hash Message Authentication Code. An attacker could use this flaw to spoof an authenticated SNMPv3 packet. Multiple uses of uninitialized values were discovered in libtiff's Lempel-Ziv-Welch (LZW) compression algorithm decoder. An attacker could create a carefully crafted LZW-encoded TIFF file that would cause an application linked with libtiff to crash or, possibly, execute arbitrary code.
9b95b2eac411ccf8ddbae9b70391be0685aa4158605a231698472c0a4d751e09
VMware Security Advisory - VMware addresses an in-guest privilege escalation on 64-bit guest operating systems in ESX, ESXi, and previously released versions of our hosted product line. Updated VMware VirtualCenter Update 3 addresses potential information disclosure and updates Java JRE packages.
01a45ebae3605a3c400cbd4ce5d054f72ec5ac917c678a7e64d411f691300d89
VMware Security Advisory - Updated ESXi and ESX 3.5 packages address critical security issues in openwsman, where two remote buffer overflows exist in the decoding of HTTP basic authentication headers.
17ffbbf6fa819c6f0740dc4bc77f22a453a6abde32725e9cde6525deffff2c0f
VMware Security Advisory - Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX address information disclosure, privilege escalation and other security issues.
cf33ed983d59f3fe21ba66fc27682e8a073a9ba1d0031e69d9302bd25acc6efd
VMware Security Advisory - Updated ESX packages for OpenSSL, net-snmp, and perl have been released to address multiple vulnerabilities.
b9fc79fc6d73c8635a227013728cb6e8490b89d0d62d24c585fa37fd7cbfa221
VMware Security Advisory - An information disclosure vulnerability is present in VirtualCenter. Exploitation of this flaw might result in disclosure of the user names of system accounts. VirtualCenter versions 2.5 previous to update 2 and VirtualCenter versions 2.0.2 previous to update 5 are vulnerable.
f01d6babcec1ce01eeef99846eca4c77269f9ab6e83233a3e8a58f435f4beac3
VMware Security Advisory - Updated ESX service console packages for Samba and vmnix have been released to address several security issues.
904341d65768747a7481991de55dc59d733b5d767c3855c8baedad9846f2ec4b