Only the "JRE Security Update" (section c) should be relevant, but I'm currently not sure how exactly this makes a vmware server vulnerable.

Server 2.0 any affected, patch pending
Server 1.0 any not affected

"Notes: These vulnerabilities can be exploited remotely only if the attacker has access to the Service Console network."
Rating B1 for now, but I'm not sure which level of access might be possible; please adjust if you have further information.
(In reply to comment #0)
> Only the "JRE Security Update" (section c) should be relevant, but I'm
> currently not sure how exactly this makes a vmware server vulnerable.
>
> Server 2.0 any affected, patch pending
> Server 1.0 any not affected
>
> "Notes: These vulnerabilities can be exploited remotely only if the attacker
> has access to the Service Console network."

VMSA-2009-0015 released, new versions and some more CVEs:
CVE-2009-2267
CVE-2009-3733

Server 2.x any 2.0.2 build 203138 or later
Server 1.x any 1.0.10 build 203137 or later
vmware-server-2.0.2.203138 is in the tree.
Are there any problems with the modules? Is it ready for stabling?
(In reply to comment #4)
> Are there any problems with the modules? Is it ready for stabling?

Yes, I think vmware-modules-1.0.0.24-r1.ebuild is ready. vmware-modules-1.0.0.25, for vmware-workstation-6.5.3.185404, are ready as well.
Since Server 1.0 (our stable) is not affected and 2.0 (our unstable) is fixed in unstable, this bug is resolved. Modules and Workstation are up to date via bug 282213.
The original summary for this bug was longer than 255 characters, and so it was truncated when Bugzilla was upgraded. The original summary was: <app-emulation/vmware-server-2.0.2.203138 JDK issues (CVE-2007-6063,CVE-2008-{0598,2086,2136,2812,3275,3525,4210,5339,5340,5341,5342,5343,5344,5345,5346,5347,5348,5349,5350,5351,5352,5353,5354,5355,5356,5357,5358,5359,5360},CVE-2009-{0692,1093,1094,1095,1096,1097,1098,1099,1100,1101,1102,1103,1104,1105,1106,1107,1893})