VMware ESX security patches
Last Updated: 2008-10-31 07:55:40 UTC
by Stephen Hall (Version: 1)
VMware has released a new security advisory and has updated two previously announced advisories.
Details are available via the VMware web site:
- VMSA-2008-0017 (new advisory)
Summary: A denial of service flaw was found in the way libxml2 processes certain content. If an application that is linked against libxml2 processes malformed XML content, the XML content might cause the application to stop responding.
CVE Reference: CVE-2008-3281
Summary: A flaw was found in the way ucd-snmp checks an SNMPv3 packet's Keyed-Hash Message Authentication Code. An attacker could use this flaw to spoof an authenticated SNMPv3 packet.
CVE Reference: CVE-2008-0960
Summary: Multiple uses of uninitialized values were discovered in libtiff's Lempel-Ziv-Welch (LZW) compression algorithm decoder. An attacker could create a carefully crafted LZW-encoded TIFF file that would cause an application linked with libtiff to crash or, possibly, execute arbitrary code.
CVE Reference: CVE-2008-2327
- VMSA-2008-0014.3 (updated advisory)
This is an updated advisory that affects a wide range of VMware products (both desktop and server) and covers 16 CVEs.
- VMSA-2008-0011.3 (updated advisory)
This is an updated advisory that affects ESX products only, but covers 9 CVEs.
These advisories list security issues that have been fixed in the patches for ESX 2.5.4, ESX 2.5.5, ESX 3.0.2 and ESX 3.0.3 released on 30th October.