[Vmware-package-maintainers] Bug#485919: vmware-package: CVE-2008-2100 Multiple buffer overflows in VIX API 1.1.x before 1.1.4 build 93057
Thomas Bläsing
thomasbl at pool.math.tu-berlin.de
Thu Jun 12 09:28:12 UTC 2008
Package: vmware-package
Version: 0.22
Severity: normal
Tags: security
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for vmware-package.
CVE-2008-2100[0]:
| Multiple buffer overflows in VIX API 1.1.x before 1.1.4 build 93057 on
| VMware Workstation 5.x and 6.x, VMware Player 1.x and 2.x, VMware ACE
| 2.x, VMware Server 1.x, VMware Fusion 1.x, VMware ESXi 3.5, and VMware
| ESX 3.0.1 through 3.5 allow guest OS users to execute arbitrary code
| on the host OS via unspecified vectors.
If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.
For further information see:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2100
http://security-tracker.debian.net/tracker/CVE-2008-2100
As mentioned in bug #484491, I think you just need to update the hashes
for the tarballs to fix this bug :)
Kind regards,
Thomas.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.alioth.debian.org/pipermail/vmware-package-maintainers/attachments/20080612/d43dab71/attachment.pgp
More information about the Vmware-package-maintainers
mailing list