VMWare has released an update to their Workstation and Player release. They are now reaching 8.0.4 and 4.0.4 respectively. The Workstation's Release Notes said that this version has two security fixes and 5 bug fixes:
General Issues
- Linux guests running the Linux kernel version 2.6.34 or later could not be pinged from the host via an IPv6 address.
- On rare occasions, Linux guests would suddenly fail to Autofit or enter Unity.
- Unity mode would exit if the title bar of an application contained certain non UTF-8 encoded extended ASCII characters.
- On Windows hosts, the VMware Workstation user interface sometimes
became unresponsive when minimized from full-screen mode if the
suggestion balloon was being
displayed.
- On Windows hosts, the user interface sometimes became unresponsive
if the application was rendered on an extended display that was abruptly
disconnected.
Security Issues
- VMware host Checkpoint file memory corruption
Input data was not properly validated when loading Checkpoint files. This issue could have allowed an attacker with the
ability to load a specially crafted Checkpoint file to execute arbitrary code on the host.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2012-3288 to this issue.
- VMware virtual machine remote device denial of service
A device (such as CD-ROM or keyboard) that is available to a virtual
machine while physically connected to a system that does not run the
virtual machine is referred
to as a remote device. Traffic coming from remote virtual devices was
incorrectly handled. This issue could have allowed an attacker who was
capable of manipulating
the traffic from a remote virtual device to crash the virtual machine.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2012-3289 to this issue.
I'm in a process of downloading it and will see if the patch that works for 8.0.3 still applies to this version. I will post a new blog after installing it on my machine later on.
