VMWare have released a new security advisory, and has updated two previously announced advisories.
Details are available via the VMWare web site:
- VMSA-2008-0017 (new advisory)
Summary : A denial of service flaw was found in the way libxml2 processes certain content. If an application that is linked against libxml2 processes malformed XML content, the XML content might cause the application to stop responding.
CVE Reference: CVE-2008-3281
Summary: A flaw was found in the way ucd-snmp checks an SNMPv3 packet's Keyed-Hash Message Authentication Code. An attacker could use this flaw to spoof an authenticated SNMPv3 packet.
CVE Reference: CVE-2008-0960
Summary: Multiple uses of uninitialized values were discovered in libtiff's Lempel-Ziv-Welch (LZW) compression algorithm decoder. An attacker could create a carefully crafted LZW-encoded TIFF file that would cause an application linked with libtiff to crash or, possibly, execute arbitrary code.
CVE Reference: CVE-2008-2327
This is an updated advisory which impacts a wide range of VMWare products (both desktop and server), and covers 16 CVE's.
This is an updated advisory which ESX products only, but covers 9 CVE's
Oct 31st 2008
1 decade ago