LANDesk Patch News Bulletin: VMWare Player Update Version 3.1.2 is Available 25-SEP-2010

Version 1

    LANDesk Security and Patch News

     

    Headlines

    • (September 25, 2010) VMware Inc has released VMWare Player v3.1.2. This update is addresses known issues under this section is only applicable when upgrading from the VMware Player 3.1 release candidate to the current VMware Player 3.1.2 release.

        * Upgrading VMware Player on non-English versions of Windows Vista and Windows 7 hosts might cause the vmUpdateLauncher.exe program to fail and trigger high CPU and memory usage.

           The following sections list the resolved issues in VMware Player 3.1.2.

           Security Fixes

        * VMware Player 3.x addresses an installer security issue

          The VMware Player 3.x installer loads an index.htm file located in the current working directory on which VMware Player 3.x is being installed. This might enable attackers to display a malicious file if they manage to get their file onto the system prior to installation.    

        * Third party libpng updated to version 1.2.44

          A buffer overflow condition in libpng is addressed that could potentially lead to code execution with the privileges of the application using libpng. Two potential denial of service issues are also addressed in the update. 

           

    New Vulnerabilities

    • Vulnerability ID – VMWAREPLAYERv3.1.2_Detect_Only

     

    Changed Vulnerabilities

    • Vulnerability ID – VMWAREPLAYERv3.1.1_Detect_Only

           (Added the replacement information.)

     

    New Patch Downloads

    • N/A

    Where to Send Feedback

    At LANDesk, we are constantly striving to improve our products and services and hope you find these changes reflective of our ongoing commitment to listen to you—our partners and customers—in providing the best possible solutions to meet your needs now and in the future.  Please continue to provide feedback by contacting our local support organization.

    Best regards,

    LANDesk Product Support

    Copyright © 2010 LANDesk Software.  All rights reserved. LANDesk is either a registered trademark or trademark of LANDesk Software, Ltd. or its affiliated entities in the United States and/or other countries. Other names or brands may be claimed as the property of others.

    Information in this document is provided for information purposes only.  The information presented here is subject to change without notice.  This information is not warranted to be error-free, nor subject to any other warranties or conditions, whether expressed orally or implied in law, including any implied warranties and conditions of merchantability or fitness for a particular purpose. LANDesk disclaims any liability with respect to this document and LANDesk has no responsibility or liability for any third party products of any content contained on any site referenced herein.  This document may not be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without our prior written permission. For the most current product information, please visit http://www.landesk.com.