VMWare have released a new security advisory, and has updated two previously announced advisories. Details are available via the VMWare web site: - VMSA-2008-0017 (new advisory) Summary : A denial of service flaw was found in the way libxml2 processes certain content. If an application that is linked against libxml2 processes malformed XML content, the XML content might cause the application to stop responding. CVE Reference: CVE-2008-3281 Summary: A flaw was found in the way ucd-snmp checks an SNMPv3 packet's Keyed-Hash Message Authentication Code. An attacker could use this flaw to spoof an authenticated SNMPv3 packet. CVE Reference: CVE-2008-0960 Summary: Multiple uses of uninitialized values were discovered in libtiff's Lempel-Ziv-Welch (LZW) compression algorithm decoder. An attacker could create a carefully crafted LZW-encoded TIFF file that would cause an application linked with libtiff to crash or, possibly, execute arbitrary code. CVE Reference: CVE-2008-2327 This is an updated advisory which impacts a wide range of VMWare products (both desktop and server), and covers 16 CVE's. This is an updated advisory which ESX products only, but covers 9 CVE's
|
Stephen 89 Posts Oct 31st 2008 |
Thread locked Subscribe |
Oct 31st 2008 1 decade ago |
Sign Up for Free or Log In to start participating in the conversation!