LANDesk Security and Patch News
- (May 04, 2012) VMware Inc has released VMware Version 8.0.3.
The following issues are resolved in this release of VMware Workstation.
VMware floppy device out-of-bounds memory write
Due to a flaw in the virtual floppy configuration it was possible to perform an out-of-bounds memory write. This vulnerability allowed a guest user to crash the VMX process or to potentially execute code on the host.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2012-2449 to this issue.
VMware SCSI device unchecked memory write
Due to a flaw in the SCSI device registration it was possible to perform an unchecked write into memory. This vulnerability allowed a guest user to crash the VMX process or to potentially execute code on the host.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2012-2450 to this issue.
VMware Security Advisory VMSA-2012-0009 documents workarounds and mitigation for these two resolved issues.
The known issues are grouped as follows:
Remote Connection and Remote Virtual Machine Issues
Role and Permission Issues
Shared Virtual Machine Issues
Display and Input Issues
Folder and Team Conversion Issues
Physical Machine Virtualization Issues
Guest Operating System Installation Issues
- Please visit the following page for more details, http://www.vmware.com/support/ws80/doc/releasenotes_workstation_803.html
- Vulnerability ID – VMWAREv8.0.3_Detect_Only
- Vulnerability ID – VMWAREv8.0.2_Detect_Only (Added the replacement information.)
New Patch Downloads
Where to Send Feedback
At LANDesk, we are constantly striving to improve our products and services and hope you find these changes reflective of our ongoing commitment to listen to you—our partners and customers—in providing the best possible solutions to meet your needs now and in the future. Please continue to provide feedback by contacting our local support organization.
LANDesk Product Support
Copyright © 2012 LANDesk Software. All rights reserved. LANDesk is either a registered trademark or trademark of LANDesk Software, Ltd. or its affiliated entities in the United States and/or other countries. Other names or brands may be claimed as the property of others.
Information in this document is provided for information purposes only. The information presented here is subject to change without notice. This information is not warranted to be error-free, nor subject to any other warranties or conditions, whether expressed orally or implied in law, including any implied warranties and conditions of merchantability or fitness for a particular purpose. LANDesk disclaims any liability with respect to this document and LANDesk has no responsibility or liability for any third party products of any content contained on any site referenced herein. This document may not be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without our prior written permission. For the most current product information, please visit http://www.landesk.com.