Looks like Vmware released a new version. The release notes are located at http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html
From the release notes: "This release addresses a security vulnerability that has been discovered in Workstation. VMware believes that the vulnerability is very serious." This shouldn't be an enhancement, but relabled to "critical".
OK. I have added the new version to the tree and have removed the 5.5.0 (vulnerable) version. Since 5.5.0 was still marked ~arch, I am unsure of the procedure going forward. I have the ability to test/stabilize on both affected architectures. Since this does not seem to affect any stable version of the package, would a GLSA be necessary?
if only ~arch is affected, we also only have to make sure that ~arch is secure again. seems like this is the case here, so i'm closing with no glsa. thanks for the help.
According to both the Secunia advisory and VMWare's own announcement, all prior versions of all VMWare products are affected. The way I understand it, the only safe Workstation release is the brand new one...
Reopening for proper resolution.
*** This bug has been marked as a duplicate of 116238 ***
As of 5.5.1.19175 I don't get sound to work, when I use KDE/artsd. aoss vmware don't work anymore for me. I thing the security fix change anything in the sound api?!? also vmwarearts (from vmwaredsp) don't work. Have you any idee what other tests i can do? Greetings Jan
Dear Jan Lange, your problem is not really a part of this security bug, please file a new bug for your issue. Apart from that, vmware is proprietary and we can't really tell what has changed and rely on their patches. Maybe refer the upstream changelog (http://www.vmware.com/pdf/ws55_bugs_fixed_since500.pdf) or something similar to get ahold of changes.