Summary: | app-emulation/vmware-{player,server} <185404: Use of uninitialized pointers in bundled libpng (CVE-2009-0040) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Tony Vroon (RETIRED) <chainsaw> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | vadimk, vmware+disabled |
Priority: | High | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://lists.vmware.com/pipermail/security-announce/2009/000062.html | ||
Whiteboard: | B2 [glsa] | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | |||
Bug Blocks: | 261562 |
Description
Tony Vroon (RETIRED)
2009-08-21 16:08:55 UTC
Update to comment 1; the Apache CVEs are only relevant to VMWare ACE on Windows.

Vadim, could you please bump vmware-workstation & vmware-server to the required new versions so they can be fast-tracked to stable please?

I've added to the tree:
vmware-modules-1.0.0.25.ebuild
vmware-player-2.5.3.185404.ebuild
vmware-workstation-6.5.3.185404.ebuild

I get:
Calculating dependencies ... done!
[uninstall ] app-emulation/vmware-player-2.5.2.156735-r1
[blocks b ] >=app-emulation/vmware-modules-1.0.0.25 (">=app-emulation/vmware-modules-1.0.0.25" is blocking app-emulation/vmware-player-2.5.2.156735-r1)
[ebuild U ] app-emulation/vmware-player-2.5.3.185404 [2.5.2.156735-r1] 98,707 kB
[ebuild U ] app-emulation/vmware-modules-1.0.0.25 [1.0.0.24] 478 kB
[blocks B ] >=app-emulation/vmware-modules-1.0.0.25 (">=app-emulation/vmware-modules-1.0.0.25" is blocking app-emulation/vmware-player-2.5.2.156735-r1)
Total: 2 packages (2 upgrades, 1 uninstall), Size of downloads: 99,185 kB
Conflict: 1 block
Would you like to merge these packages? [Yes/No]
>>> Verifying ebuild manifests
!!! A file listed in the Manifest could not be found: /usr/portage/app-emulation/vmware-player/files/2.5.3.185404/vmware-player-extras.py.patch
(In reply to comment #3)
> >>> Verifying ebuild manifests
>
> !!! A file listed in the Manifest could not be found:
> /usr/portage/app-emulation/vmware-player/files/2.5.3.185404/vmware-player-extras.py.patch
>

darn, I do not know how it happened, I mean files in changelog, cvs add commands in bash history... Anyway sorry about that, I recommitted folder and two patches.

(In reply to comment #2)
> I've added to the tree:
> vmware-modules-1.0.0.25.ebuild
> vmware-player-2.5.3.185404.ebuild
> vmware-workstation-6.5.3.185404.ebuild

Arches, please test and mark stable. Target keywords: "amd64 x86"

x86 stable

*** Bug 280455 has been marked as a duplicate of this bug. ***

app-emulation/vmware-player-2.5.3.185404 tested fine on amd64. tanderson asked to commit when finished with server.

I've updated vmware-server ebuild, so server will use system libpng12.so.0.

amd64 stable, all arches done.

added to pending glsa.

(In reply to comment #9)
> I've updated vmware-server ebuild, so server will use system libpng12.so.0.
>

The same should be applied to other vmware packages such as vmware-workstation that suffer the same problem.

This issue was resolved and addressed in GLSA 201209-25 at http://security.gentoo.org/glsa/glsa-201209-25.xml by GLSA coordinator Sean Amoss (ackle).