VMWare have released a new security advisory, and has updated two previously announced advisories.

Details are available via the VMWare web site:

- VMSA-2008-0017 (new advisory)
 http://lists.vmware.com/pipermail/security-announce/2008/000039.html

Summary : A denial of service flaw was found in the way libxml2 processes certain content. If an application that is linked against libxml2 processes malformed XML content, the XML content might cause the application to stop responding.

CVE Reference: CVE-2008-3281

Summary: A flaw was found in the way ucd-snmp checks an SNMPv3 packet's Keyed-Hash Message Authentication Code. An attacker could use this flaw to spoof an authenticated SNMPv3 packet.

CVE Reference: CVE-2008-0960

Summary: Multiple uses of uninitialized values were discovered in libtiff's Lempel-Ziv-Welch (LZW) compression algorithm decoder. An attacker could create a carefully crafted LZW-encoded TIFF file that would cause an application linked with libtiff to crash or, possibly, execute arbitrary code.

CVE Reference: CVE-2008-2327

- VMSA-2008-0014.3 (updated advisory)
 http://lists.vmware.com/pipermail/security-announce/2008/000040.html

This is an updated advisory which impacts a wide range of VMWare products (both desktop and server), and covers 16 CVE's.

- VMSA-2008-0011.3 (updated advisory)
 http://lists.vmware.com/pipermail/security-announce/2008/000041.html

This is an updated advisory which ESX products only, but covers 9 CVE's

These advisories list security issues that have been fixed in the patches for ESX 2.5.4, ESX 2.5.5., ESX 3.0.2 and ESX 3.0.3 released on 30th October.