• Welcome to Advance DreamBox Forum. Please login or sign up.
 

VMware Server 1.0.5 build 80187

Started by arjanhs, March 20, 2008, 01:00:11 PM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

arjanhs

Vmware heeft een nieuwe versie van Vmware Server beschikbaar gesteld. Het programma is aangekomen bij versienummer 1.0.5 build 80187 en kan vanaf deze pagina voor Windows en Linux gedownload worden. Vmware Server is een virtualisatieprogramma voor servers waarmee meerdere en verschillende besturingssystemen in een virtuele omgeving gedraaid kunnen worden. Meer informatie over dit programma kan op de website gevonden worden. De ontwikkelaars hebben in Vmware Server 1.05 de volgende veranderingen doorgevoerd:

    Security Issues Resolved in VMware Server 1.0.5

        * A security vulnerability in OpenSSL 0.9.7j could make it possible to forge a RSA key signature. VMware Server 1.0.5 upgrades OpenSSL to version 0.9.7l to avoid this vulnerability. bug 216497), RSA Signature Forgery (CVE-2006-4339)
        * An internal security audit determined that a malicious user could attain and exploit LocalSystem privileges by causing the authd process to connect to a named pipe that is opened and controlled by the malicious user. In this situation, the malicious user could successfully impersonate authd and attain privileges under which authd is executing. bug 235420, (Foundstone CODE-BUG-H-001)
        * An internal security audit determined that a malicious user could exploit an insecurely created named pipe object to escalate priviliges or create a denial-of-service attack. bug 235833, (Foundstone CODE-BUG-H-002)
        * This release updates the libpng library to version 1.2.22 to remove various security vulnerabilities. bug 237049
        * A vulnerability in VMware Workstation running on Windows allowed complete access to the host's file system from a guest machine. This access included the ability to create and modify executable files in sensitive locations. bug 240000, (CORE-2007-0930)
        * The authd process read and honored the vmx.fullpath variable in the user-writable file config.ini, creating a security vulnerability. bug 241648
        * The config.ini file could be modified by non-administrator to change the VMX launch path. This created a vulnerability that could be exploited to escalate a user's privileges. bug 241677

    In addition, Version 1.0.5 improves Remote Console performance and screen refreshing.



Website   Vmware
Download   http://register.vmware.com/content/download.html