| Summary: | version bump: app-emulation/vmware-server-1.0.6.91891 | ||
|---|---|---|---|
| Product: | Gentoo Linux | Reporter: | Stefan Behte (RETIRED) <craig> |
| Component: | New packages | Assignee: | Gentoo VMWare Bug Squashers [disabled] <vmware+disabled> |
| Status: | RESOLVED DUPLICATE | ||
| Severity: | major | CC: | gengor, security |
| Priority: | High | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Package list: | Runtime testing required: | --- | |
|
Description
Stefan Behte (RETIRED)
2008-06-04 09:28:15 UTC
This is for security also, I didn't see the message earlier, sorry! VMSA-2008-0009 (http://lists.grok.org.uk/pipermail/full-disclosure/2008-June/062651.html) VMware VIX Application Programming Interface (API) Memory Overflow The worst one: The VIX API (also known as "Vix") is an API that lets users write scripts and programs to manipulate virtual machines. Multiple buffer overflow vulnerabilities are present in the VIX API. Exploitation of these vulnerabilities might result in code execution on the host system or on the service console in ESX Server from the guest operating system. -> it allows you to escape from the VM, that's exactly what you don't want at all! vmware-server-1.0.6.91891 implements those fixes, but we also need to update app-emulation/vmware-player and app-emulation/vmware-workstation ASAP! *** This bug has been marked as a duplicate of bug 224637 *** |