From the release notes: "This release addresses a security vulnerability that has been discovered in Workstation. VMware believes that the vulnerability is very serious."

This shouldn't be an enhancement, but relabled to "critical".

Comment 2 Chris Gianelloni (RETIRED) 2005-12-21 11:49:24 UTC

OK.  I have added the new version to the tree and have removed the 5.5.0 (vulnerable) version.  Since 5.5.0 was still marked ~arch, I am unsure of the procedure going forward.  I have the ability to test/stabilize on both affected architectures.  Since this does not seem to affect any stable version of the package, would a GLSA be necessary?

Comment 3 Stefan Cornelius (RETIRED) 2005-12-21 11:59:49 UTC

if only ~arch is affected, we also only have to make sure that ~arch is secure again. seems like this is the case here, so i'm closing with no glsa. thanks for the help.

According to both the Secunia advisory and VMWare's own announcement, all prior versions of all VMWare products are affected. The way I understand it, the only safe Workstation release is the brand new one...

Comment 5 Sune Kloppenborg Jeppesen (RETIRED) 2005-12-21 14:40:09 UTC

Reopening for proper resolution.

Comment 6 Sune Kloppenborg Jeppesen (RETIRED) 2005-12-21 14:40:27 UTC

*** This bug has been marked as a duplicate of 116238 ***

As of 5.5.1.19175 I don't get sound to work, when I use KDE/artsd.

aoss vmware
don't work anymore for me.

I thing the security fix change anything in the sound api?!?

also vmwarearts (from vmwaredsp) don't work.

Have you any idee what other tests i can do?

Greetings Jan

Comment 8 Stefan Cornelius (RETIRED) 2005-12-23 16:45:10 UTC

Dear Jan Lange, your problem is not really a part of this security bug, please file a new bug for your issue. Apart from that, vmware is proprietary and we can't really tell what has changed and rely on their patches. Maybe refer the upstream changelog (http://www.vmware.com/pdf/ws55_bugs_fixed_since500.pdf) or something similar to get ahold of changes.