Go to:
Gentoo Home
Documentation
Forums
Lists
Bugs
Planet
Store
Wiki
Get Gentoo!
Gentoo's Bugzilla – Attachment 164107 Details for
Bug 236167
app-emulation/vmware-* multiple vulnerabilities (CVE-2007-{5269,5503}, CVE-2008-{1447,1806,1807,1808,2101})
Home
|
New
–
[Ex]
|
Browse
|
Search
|
Privacy Policy
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
vmsa-2008-14-full.txt
vmsa-2008-14-full.txt (text/plain), 25.47 KB, created by
Paweł Hajdan, Jr. (RETIRED)
on 2008-08-30 06:22:28 UTC
(
hide
)
Description:
vmsa-2008-14-full.txt
Filename:
MIME Type:
Creator:
Paweł Hajdan, Jr. (RETIRED)
Created:
2008-08-30 06:22:28 UTC
Size:
25.47 KB
patch
obsolete
>-----BEGIN PGP SIGNED MESSAGE----- >Hash: SHA256 > >- ------------------------------------------------------------------------ > VMware Security Advisory > >Advisory ID: VMSA-2008-0014 >Synopsis: Updates to VMware Workstation, VMware Player, > VMware ACE, VMware Server, VMware ESX address > information disclosure, privilege escalation and > other security issues. >Issue date: 2008-08-29 >Updated on: 2008-08-29 (initial release of advisory) >CVE numbers: CVE-2008-2101 CVE-2007-5269 CVE-2008-1447 > CVE-2008-3691 CVE-2008-3692 CVE-2008-3693 > CVE-2008-3694 CVE-2008-3695 CVE-2007-5438 > CVE-2008-3696 CVE-2008-3697 CVE-2008-3698 > CVE-2008-1806 CVE-2008-1807 CVE-2008-1808 > CVE-2007-5503 >- -------------------------------------------------------------------------- > >1. Summary > > Updates to VMware Workstation, VMware Player, VMware ACE, VMware > Server, VMware ESX address information disclosure, privilege > escalation and other security issues. > >2. Relevant releases > > VMware Workstation 6.0.4 and earlier, > VMware Workstation 5.5.7 and earlier, > VMware Player 2.0.4 and earlier, > VMware Player 1.0.7 and earlier, > VMware ACE 2.0.4 and earlier, > VMware ACE 1.0.6 and earlier, > VMware Server 1.0.6 and earlier, > > VMware ESX 3.0.3 without patches ESX303-200808404-SG, ESX303-200808403-SG > ESX303-200808406-SG. > > > VMware ESX 3.0.2 without patches ESX-1005109, ESX-1005113, > ESX-1005114. > > VMware ESX 3.0.1 without patches ESX-1005108, ESX-1005112, > ESX-1005111, ESX-1004823, > ESX-1005117. > > NOTE: Hosted products VMware Workstation 5.x, VMware Player 1.x, > and VMware ACE 1.x will reach end of general support > 2008-11-09. Customers should plan to upgrade to the latest > version of their respective products. > > Extended support (Security and Bug fixes) for ESX 3.0.2 ends > on 10/29/2008 and Extended support for ESX 3.0.2 Update 1 > ends on 8/8/2009. Users should plan to upgrade to ESX 3.0.3 > and preferably to the newest release available. > > Extended Support (Security and Bug fixes) for ESX 3.0.1 has > ended on 2008-07-31. The 3.0.1 patches are released in > August because there was no patch release in July. > >3. Problem Description > > I Security Issues > > a. Setting ActiveX killbit > > Starting from this release, VMware has set the killbit on its > ActiveX controls. Setting the killbit ensures that ActiveX > controls cannot run in Internet Explorer (IE), and avoids > security issues involving ActiveX controls in IE. See the > Microsoft KB article 240797 and the related references on this > topic. > > Security vulnerabilities have been reported for ActiveX controls > provided by VMware when run in IE. Under specific circumstances, > exploitation of these ActiveX controls might result in denial-of- > service or can allow running of arbitrary code when the user > browses a malicious Web site or opens a malicious file in IE > browser. An attempt to run unsafe ActiveX controls in IE might > result in pop-up windows warning the user. > > Note: IE can be configured to run unsafe ActiveX controls without > prompting. VMware recommends that you retain the default > settings in IE, which prompts when unsafe actions are > requested. > > Earlier, VMware had issued knowledge base articles, KB 5965318 and > KB 9078920 on security issues with ActiveX controls. To avoid > malicious scripts that exploit ActiveX controls, do not enable > unsafe ActiveX objects in your browser settings. As a best > practice, do not browse untrusted Web sites as an administrator > and do not click OK or Yes if prompted by IE to allow certain > actions. > > VMware would like to thank Julien Bachmann, Shennan Wang, Shinnai, > and Michal Bucko for reporting these issues to us. > > The Common Vulnerabilities and Exposures Project (cve.mitre.org) > has assigned the names CVE-2008-3691, CVE-2008-3692, > CVE-2008-3693, CVE-2008-3694, CVE-2008-3695, CVE-2007-5438, and > CVE-2008-3696 to the security issues with VMware ActiveX controls. > > VMware Product Running Replace with/ > Product Version on Apply Patch > ============= ======== ======= ================= > VirtualCenter any Windows not affected > > Workstation 6.x Windows 6.0.5 build 109488 or later > Workstation 6.x Linux not affected > Workstation 5.x Windows 5.5.8 build 108000 or later > Workstation 5.x Linux not affected > > Player 2.x Windows 2.0.5 build 109488 or later > Player 2.x Linux not affected > Player 1.x Windows 1.0.8 build or later > Player 1.x Linux not affected > > ACE 2.x Windows 2.0.5 build 109488 or later > ACE 1.x Windows 1.0.7 build 108880 or later > > Server 1.x Windows 1.0.7 build 108231 or later > Server 1.x Linux not affected > > Fusion 1.x Mac OS/X not affected > > ESXi 3.5 ESXi not affected > > ESX any ESX not affected > > > b. VMware ISAPI Extension Denial of Service > > The Internet Server Application Programming Interface (ISAPI) is > an API that extends the functionality of Internet Information > Server (IIS). VMware uses ISAPI extensions in its Server product. > > One of the ISAPI extensions provided by VMware is vulnerable to a > remote denial of service. By sending a malformed request, IIS > might shut down. IIS 6.0 restarts automatically. However, IIS 5.0 > does not restart automatically when its Startup Type is set to > Manual. > > VMware would like to thank the Juniper Networks J-Security > Security Research Team for reporting this issue to us. > > The Common Vulnerabilities and Exposures Project (cve.mitre.org) > has assigned the name CVE-2008-3697 to this issue. > > VMware Product Running Replace with/ > Product Version on Apply Patch > ============= ======== ======= ================= > VirtualCenter any Windows not affected > > Workstation 6.x Windows not affected > Workstation 6.x Linux not affected > Workstation 5.x Windows not affected > Workstation 5.x Linux not affected > > Player 2.x Windows not affected > Player 2.x Linux not affected > Player 1.x Windows not affected > Player 1.x Linux not affected > > ACE 2.x Windows not affected > ACE 1.x Windows not affected > > Server 1.x Windows 1.0.7 build 108231 or later > Server 1.x Linux not affected > > Fusion 1.x Mac OS/X not affected > > ESXi 3.5 ESXi not affected > > ESX any ESX not affected > > c. OpenProcess Local Privilege Escalation on Host System > > This release fixes a privilege escalation vulnerability in host > systems. Exploitation of this vulnerability allows users to run > arbitrary code on the host system with elevated privileges. > > VMware would like to thank Sun Bing from McAfee, Inc. for > reporting this issue to us. > > The Common Vulnerabilities and Exposures Project (cve.mitre.org) > has assigned the name CVE-2008-3698 to this issue. > > VMware Product Running Replace with/ > Product Version on Apply Patch > ============= ======== ======= ================= > VirtualCenter any Windows not affected > > Workstation 6.x Windows not affected > Workstation 6.x Linux not affected > Workstation 5.x Windows 5.5.8 build 108000 or later > Workstation 5.x Linux not affected > > Player 2.x Windows not affected > Player 2.x Linux not affected > Player 1.x Windows 1.0.8 build 109488 or later > Player 1.x Linux not affected > > ACE 2.x Windows not affected > ACE 1.x Windows 1.0.7 build 108880 or later > > Server 1.x Windows 1.0.7 build 108231 or later > Server 1.x Linux not affected > > Fusion 1.x Mac OS/X not affected > > ESXi 3.5 ESXi not affected > > ESX any ESX not affected > > d. Update to Freetype > > FreeType 2.3.6 resolves an integer overflow vulnerability and other > vulnerabilities that can allow malicious users to run arbitrary code > or might cause a denial-of-service after reading a maliciously > crafted file. This release updates FreeType to 2.3.7. > > The Common Vulnerabilities and Exposures Project (cve.mitre.com) > has assigned the names CVE-2008-1806, CVE-2008-1807, and > CVE-2008-1808 to the issues resolved in Freetype 2.3.6. > > VMware Product Running Replace with/ > Product Version on Apply Patch > ============= ======== ======= ================= > VirtualCenter any Windows not affected > > Workstation 6.x Windows not affected > Workstation 6.x Linux 6.0.5 build 109488 or later > Workstation 5.x Windows not affected > Workstation 5.x Linux 5.5.8 build 108000 or later > > Player 2.x Windows not affected > Player 2.x Linux 2.0.5 build 109488 or later > Player 1.x Windows not affected > Player 1.x Linux 1.0.8 build 108000 or later > > ACE 2.x Windows not affected > ACE 1.x Windows not affected > > Server 1.x Windows not affected > Server 1.x Linux 1.0.7 build 108231 or later > > Fusion 1.x Mac OS/X affected, patch pending > > ESXi 3.5 ESXi not affected > > ESX 3.5 ESX not affected > ESX 3.0.3 ESX not affected > ESX 3.0.2 ESX not affected > ESX 3.0.1 ESX not affected > ESX 2.5.5 ESX affected, patch pending > ESX 2.5.4 ESX affected, patch pending > > e. Update to Cairo > > Cairo 1.4.12 resolves an integer overflow vulnerability that can > allow malicious users to run arbitrary code or might cause a > denial-of-service after reading a maliciously crafted PNG file. > This release updates Cairo to 1.4.14. > > The Common Vulnerabilities and Exposures (cve.mitre.com) has > assigned the name CVE-2007-5503 to this issue. > > VMware Product Running Replace with/ > Product Version on Apply Patch > ============= ======== ======= ================= > VirtualCenter any Windows not affected > > Workstation 6.x Windows not affected > Workstation 6.x Linux 6.0.5 build 109488 or later > Workstation 5.x Windows not affected > Workstation 5.x Linux not affected > > Player 2.x Windows not affected > Player 2.x Linux 2.0.5 build 109488 or later > Player 1.x Windows not affected > Player 1.x Linux not affected > > ACE 2.x Windows not affected > ACE 1.x Windows not affected > > Server 1.x Windows not affected > Server 1.x Linux not affected > > Fusion 1.x Mac OS/X affected, patch pending > > ESXi 3.5 ESXi not affected > > ESX any ESX not affected > > f. VMware Consolidated Backup(VCB) command-line utilities may expose > sensitive information > > VMware Consolidated Backup command-line utilities accept the user > password through the -p command-line option. Users logged into the > service console could gain access to the username and password used > by VCB command-line utilities when such commands are running. > > This patch resolves this issue by providing an alternative way of > passing the password used by VCB command-line utilities. > > The following options are recommended for passing the password: > > 1. The password is specified in /etc/backuptools.conf > (PASSWORD=xxxxx), and -p is not used in the command line. > /etc/backuptools.conf file permissions are read/write only > for root. > > 2. No password is specified in /etc/backuptools.conf and the > -p option is not used in the command line. The user will be > prompted to enter a password. > > ESX is not affected unless you use VCB. > > The Common Vulnerabilities and Exposures project (cve.mitre.org) > has assigned the name CVE-2008-2101 to this issue. > > VMware Product Running Replace with/ > Product Version on Apply Patch > ============= ======== ======= =================== > VirtualCenter any Windows not affected > > hosted * any any not affected > > ESXi 3.5 ESXi not affected > > ESX 3.5 ESX ESX350-200806203-UG > ESX 3.0.3 ESX ESX303-200808403-SG > ESX 3.0.2 ESX ESX-1004824 > ESX 3.0.1 ESX ESX-1004823 > ESX 2.5.5 ESX not affected > ESX 2.5.4 ESX not affected > > * hosted products are VMware Workstation, Player, ACE, Server, Fusion > > g. Third Party Library libpng Updated to 1.2.29 > > Several flaws were discovered in the way third party library > libpng handled various PNG image chunks. An attacker could > create a carefully crafted PNG image file in such a way that > it causes an application linked with libpng to crash when the > file is manipulated. > > The Common Vulnerabilities and Exposures project (cve.mitre.org) > has assigned the name CVE-2007-5269 to this issue. > > NOTE: There are multiple patches required to remediate the issue. > > VMware Product Running Replace with/ > Product Version on Apply Patch > ============= ======== ======= =================== > VirtualCenter any Windows not affected > > hosted * any any not affected > > ESXi 3.5 ESXi affected, patch pending > > ESX 3.5 ESX affected, patch pending > ESX 3.0.3 ESX ESX303-200808404-SG > ESX303-200808403-SG > ESX 3.0.2 ESX ESX-1005109 ESX-1005114 ESX-1005113 > ESX 3.0.1 ESX ESX-1005112 ESX-1005108 ESX-1005111 > ESX 2.5.5 ESX affected, patch pending > ESX 2.5.4 ESX affected, patch pending > > * hosted products are VMware Workstation, Player, ACE, Server, Fusion > > > II ESX Service Console rpm updates > > a. update to bind > > This update upgrades the service console rpms for bind-utils and > bind-lib to version 9.2.4-22.el3. > > Version 9.2.4.-22.el3 addresses the recently discovered > vulnerability in the BIND software used for Domain Name > resolution (DNS). VMware doesn't install all the BIND packages > on ESX Server and is not vulnerable by default to the reported > vulnerability. Of the BIND packages, VMware only ships bind-util > and bind-lib in the service console and these components by > themselves cannot be used to setup a DNS server. Bind-lib and > bind-util are used in client DNS applications like nsupdate, > nslookup, etc. > > VMware explicitly discourages installing applications like BIND > on the service console. In case the customer has installed BIND, > and the DNS server is configured to support recursive queries, > their ESX Server system is affected and they should replace BIND > with a patched version. > > Note: ESX Server will use the DNS server on the network it is > on, so it is important to patch that DNS server. > > The Common Vulnerabilities and Exposures project (cve.mitre.org) > has assigned the name CVE-2008-1447 to this issue. > > VMware Product Running Replace with/ > Product Version on Apply Patch > ============= ======== ======= =================== > VirtualCenter any Windows not affected > > hosted * any any not affected > > ESXi 3.5 ESXi not affected > > ESX 3.5 ESX patch pending > ESX 3.0.3 ESX ESX303-200808406-SG > ESX 3.0.2 ESX ESX-1006356 > ESX 3.0.1 ESX ESX-1005117 > ESX 2.5.5 ESX patch pending > ESX 2.5.4 ESX patch pending > > * hosted products are VMware Workstation, Player, ACE, Server, Fusion > >4. Solution > > Please review the patch/release notes for your product and version > and verify the md5sum of your downloaded file. > > VMware Workstation 6.0.5 > ------------------------ > http://www.vmware.com/download/ws/ > Release notes: > http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html > > Windows binary > md5sum: 46b4c54f0493f59f52ac6c2965296859 > > RPM Installation file for 32-bit Linux > md5sum: 49ebfbd05d146ecc43262622ab746f03 > > tar Installation file for 32-bit Linux > md5sum: 14ac93bffeee72528629d4caecc5ef37 > > RPM Installation file for 64-bit Linux > md5sum: 0a856f1a1a31ba3c4b08bcf85d97ccf6 > > tar Installation file for 64-bit Linux > md5sum: 3b459254069d663e9873a661bc97cf6c > > VMware Workstation 5.5.8 > ------------------------ > http://www.vmware.com/download/ws/ws5.html > Release notes: > http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html > > Windows binary: > md5sum: 745c3250e5254eaf6e65fcfc4172070f > > Compressed Tar archive for 32-bit Linux > md5sum: 65a454749d15d4863401619d7ff5566e > > Linux RPM version for 32-bit Linux > md5sum: d80adc73b1500bdb0cb24d1b0733bcff > > > VMware Player 2.0.5 and 1.0.8 > ----------------------------- > http://www.vmware.com/download/player/ > Release notes Player 1.x: > http://www.vmware.com/support/player/doc/releasenotes_player.html > Release notes Player 2.0 > http://www.vmware.com/support/player2/doc/releasenotes_player2.html > > 2.0.5 Windows binary > md5sum: 60265438047259b23ff82fdfe737f969 > > VMware Player 2.0.5 for Linux (.rpm) > md5sum: 3bc81e203e947e6ca5b55b3f33443d34 > > VMware Player 2.0.5 for Linux (.tar) > md5sum: f499603d790edc5aa355e45b9c5eae01 > > VMware Player 2.0.5 - 64-bit (.rpm) > md5sum: 85bc2f11d06c362feeff1a64ee5a6834 > > VMware Player 2.0.5 - 64-bit (.tar) > md5sum: b74460bb961e88817884c7e2c0f30215 > > 1.0.8 Windows binary > md5sum: e5f927304925297a7d869f74b7b9b053 > > Player 1.0.8 for Linux (.rpm) > md5sum: a13fdb8d72b661cefd24e7dcf6e2a990 > > Player 1.0.8 for Linux (.tar) > md5sum: 99fbe861253eec5308d8c47938e8ad1e > > > VMware ACE 2.0.5 > ---------------- > http://www.vmware.com/download/ace/ > Release notes 2.0: > http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html > > ACE Manager Server Virtual Appliance > Virtual Appliance for the ACE Management Server > md5sum: 41e7349f3b6568dffa23055bb629208d > > ACE for Window 32-bit and 64-bit > Main installation file for Windows 32-bit and 64-bit host (ACE Option > Page key required for enabling ACE authoring) > md5sum:46b4c54f0493f59f52ac6c2965296859 > > ACE Management Server for Windows > ACE Management Server installation file for Windows > md5sum:33a015c4b236329bcb7e12c82271c417 > > ACE Management Server for Red Hat Enterprise Linux 4 > ACE Management Server installation file for Red Hat Enterprise Linux 4 > md5sum:dc3bd89fd2285f41ed42f8b28cd5535f > > ACE Management Server for SUSE Enterprise Linux 9 > ACE Management Server installation file for SUSE Enterprise Linux 9 > md5sum:2add6a4fc97e1400fb2f94274ce0dce0 > > VMware ACE 1.0.7 > ---------------- > http://www.vmware.com/download/ace/ > Release notes: > http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html > md5sum: 42d806cddb8e9f905722aeac19740f33 > > VMware Server 1.0.7 > ------------------- > http://www.vmware.com/download/server/ > Release notes: > http://www.vmware.com/support/server/doc/releasenotes_server.html > > VMware Server for Windows 32-bit and 64-bit > md5sum: 2e2ee5ebe08ae48eac5e661cad01acf6 > > VMware Server Windows client package > md5sum: ce7d906a5a8de37cbc20db4332de1adb > > VMware Server for Linux > md5sum: 04f201122b16222cd58fc81ca814ff8c > > VMware Server for Linux rpm > md5sum: 6bae706df040c35851823bc087597d8d > > Management Interface > md5sum: e67489bd2f23bcd4a323d19df4e903e8 > > VMware Server Linux client package > md5sum: 99f1107302111ffd3f766194a33d492b > > ESX > --- > ESX 3.5.0 patch ESX350-200806203-UG (VCB) > http://download3.vmware.com/software/esx/ESX350-200806203-UG.zip > md5sum: 3bd512dc8aa2b276f7cfd19080d193c9 > http://kb.vmware.com/kb/1005896 > > ESX 3.0.3 patch ESX303-200808403-SG (libpng) > http://download3.vmware.com/software/vi/ESX303-200808403-SG.zip > md5sum: 5f1e75631e53c0e9e013acdbe657cfc7 > http://kb.vmware.com/kb/1006034 > > ESX 3.0.3 patch ESX303-200808404-SG (libpng) > http://download3.vmware.com/software/vi/ESX303-200808404-SG.zip > md5sum: 65468a5b6ba105cfde1dd444d77b2df4 > http://kb.vmware.com/kb/1006035 > > ESX 3.0.3 patch ESX303-200808406-SG (bind) > http://download3.vmware.com/software/vi/ESX303-200808406-SG.zip > md5sum: a11273e8d430e5784071caff673995f4 > http://kb.vmware.com/kb/1006357 > > ESX 3.0.3 patch (VCB) > > ESX 3.0.2 patch ESX-1005109 (libpng) > http://download3.vmware.com/software/vi/ESX-1005109.tgz > md5sum: 456d74d94317f852024aed5d3852be09 > http://kb.vmware.com/kb/1005109 > > ESX 3.0.2 patch ESX-1005113 (libpng) > http://download3.vmware.com/software/vi/ESX-1005113.tgz > md5sum: 5d604f2bfd90585b9c8679f5fc8c31b7 > http://kb.vmware.com/kb/1005113 > > ESX 3.0.2 patch ESX-1005114 (libpng) > http://download3.vmware.com/software/vi/ESX-1005114.tgz > md5sum: 3b6d33b334f0020131580fdd8f9b5365 > http://kb.vmware.com/kb/1005114 > > ESX 3.0.2 patch ESX-1004824 (VCB) > http://download3.vmware.com/software/vi/ESX-1004824.tgz > md5sum: c72b0132c9f5d7b4cb1b9e47748a9c5b > http://kb.vmware.com/kb/1004824 > > ESX 3.0.2 patch ESX-1006356 (bind) > http://download3.vmware.com/software/vi/ESX-1006356.tgz > md5sum: f0bc9d0b641954145df3986cdb1c2bab > http://kb.vmware.com/kb/1006356 > > ESX 3.0.1 patch ESX-1005111 (libpng) > http://download3.vmware.com/software/vi/ESX-1005111.tgz > md5sum: 60e1be9b41070b3531c06f9a0595e24c > http://kb.vmware.com/kb/1005111 > > ESX 3.0.1 patch ESX-1005112 (libpng) > http://download3.vmware.com/software/vi/ESX-1005112.tgz > md5sum: ad645cef0f9fa18bb648ba5a37074732 > http://kb.vmware.com/kb/1005112 > > ESX 3.0.1 patch ESX-1005108 (libpng) > http://download3.vmware.com/software/vi/ESX-1005108.tgz > md5sum: aabc873d978f023c929ccd9a54588ea5 > http://kb.vmware.com/kb/1005108 > > ESX 3.0.1 patch ESX-1004823 (VCB) > http://download3.vmware.com/software/vi/ESX-1004823.tgz > md5sum: 5ff2e8ce50c18afca76fb16c28415a59 > http://kb.vmware.com/kb/1004823 > > ESX 3.0.1 patch ESX-1005117 (bind) > http://download3.vmware.com/software/vi/ESX-1005117.tgz > md5sum: 5271ecc6e36fb6f1fdf372e57891aa33 > http://kb.vmware.com/kb/1005117 > > >5. References > > CVE numbers > http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2101 > http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5269 > http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1447 > http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3691 > http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3692 > http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3693 > http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3694 > http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3695 > http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5438 > http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3696 > http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3697 > http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3698 > http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1806 > http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1807 > http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1808 > http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5503 > >- ------------------------------------------------------------------------ >6. Change log > >2008-08-29 VMSA-2008-0014 >initial release > >- ------------------------------------------------------------------------ >7. Contact > >E-mail list for product security notifications and announcements: >http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce > >This Security Advisory is posted to the following lists: > > * security-announce at lists.vmware.com > * bugtraq at securityfocus.com > * full-disclosure at lists.grok.org.uk > >E-mail: security at vmware.com >PGP key at: http://kb.vmware.com/kb/1055 > >VMware Security Center >http://www.vmware.com/security > >VMware security response policy >http://www.vmware.com/support/policies/security_response.html > >General support life cycle policy >http://www.vmware.com/support/policies/eos.html > >VMware Infrastructure support life cycle policy >http://www.vmware.com/support/policies/eos_vi.html > >Copyright 2008 VMware Inc. All rights reserved. > > >-----BEGIN PGP SIGNATURE----- >Version: GnuPG v1.4.7 (GNU/Linux) > >iD8DBQFIuI98S2KysvBH1xkRCJp7AJ9Mq0+CEdoQRLzPLSRbv5OLqXqUHACfUSRt >bZpHL8qHcNwAiTVz6P3+W6E= >=PQ58 >-----END PGP SIGNATURE-----
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=164107">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Actions:
View
Attachments on
bug 236167
: 164107 |
165397
