[gentoo-commits] gentoo commit in xml/htdocs/security/en/glsa: glsa-200711-23.xml - gentoo-commits

From:	"Pierre-Yves Rofes (py)" <py@g.o>
To:	gentoo-commits@l.g.o
Subject:	[gentoo-commits] gentoo commit in xml/htdocs/security/en/glsa: glsa-200711-23.xml
Date:	Sun, 18 Nov 2007 21:06:41
Message-Id:	`E1ItrLf-00055m-I4@stork.gentoo.org`

1

py          07/11/18 21:06:35

2

3

  Added:                glsa-200711-23.xml

4

  Log:

5

  GLSA 200711-23

6

7

Revision  Changes    Path

8

1.1                  xml/htdocs/security/en/glsa/glsa-200711-23.xml

9

10

file : http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/security/en/glsa/glsa-200711-23.xml?rev=1.1&view=markup

11

plain: http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/security/en/glsa/glsa-200711-23.xml?rev=1.1&content-type=text/plain

12

13

Index: glsa-200711-23.xml

14

===================================================================

15

<?xml version="1.0" encoding="utf-8"?>

16

<?xml-stylesheet href="/xsl/glsa.xsl" type="text/xsl"?>

17

<?xml-stylesheet href="/xsl/guide.xsl" type="text/xsl"?>

18

<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">

19

20

<glsa id="200711-23">

21

  <title>VMware Workstation and Player: Multiple vulnerabilities</title>

22

  <synopsis>

23

    VMware guest operating systems might be able to execute arbitrary code with

24

    elevated privileges on the host operating system through multiple flaws.

25

  </synopsis>

26

  <product type="ebuild">vmware-workstation vmware-player</product>

27

  <announced>November 18, 2007</announced>

28

  <revised>November 18, 2007: 01</revised>

29

  <bug>193196</bug>

30

  <access>remote</access>

31

  <affected>

32

    <package name="app-emulation/vmware-workstation" auto="yes" arch="*">

33

      <unaffected range="rge">5.5.5.56455</unaffected>

34

      <unaffected range="ge">6.0.1.55017</unaffected>

35

      <vulnerable range="lt">6.0.1.55017</vulnerable>

36

    </package>

37

    <package name="app-emulation/vmware-player" auto="yes" arch="*">

38

      <unaffected range="rge">1.0.5.56455</unaffected>

39

      <unaffected range="ge">2.0.1.55017</unaffected>

40

      <vulnerable range="lt">2.0.1.55017</vulnerable>

41

    </package>

42

  </affected>

43

  <background>

44

<p>

45

    VMware Workstation is a virtual machine for developers and system

46

    administrators. VMware Player is a freeware virtualization software

47

    that can run guests produced by other VMware products.

48

    </p>

49

  </background>

50

  <description>

51

<p>

52

    Multiple vulnerabilities have been discovered in several VMware

53

    products. Neel Mehta and Ryan Smith (IBM ISS X-Force) discovered that

54

    the DHCP server contains an integer overflow vulnerability

55

    (CVE-2007-0062), an integer underflow vulnerability (CVE-2007-0063) and

56

    another error when handling malformed packets (CVE-2007-0061), leading

57

    to stack-based buffer overflows or stack corruption. Rafal Wojtczvk

58

    (McAfee) discovered two unspecified errors that allow authenticated

59

    users with administrative or login privileges on a guest operating

60

    system to corrupt memory or cause a Denial of Service (CVE-2007-4496,

61

    CVE-2007-4497). Another unspecified vulnerability related to untrusted

62

    virtual machine images was discovered (CVE-2007-5617).

63

    </p>

64

<p>

65

    VMware products also shipped code copies of software with several

66

    vulnerabilities: Samba (GLSA-200705-15), BIND (GLSA-200702-06), MIT

67

    Kerberos 5 (GLSA-200707-11), Vixie Cron (GLSA-200704-11), shadow

68

    (GLSA-200606-02), OpenLDAP (CVE-2006-4600), PAM (CVE-2004-0813,

69

    CVE-2007-1716), GCC (CVE-2006-3619) and GDB (CVE-2006-4146).

70

    </p>

71

  </description>

72

  <impact type="normal">

73

<p>

74

    Remote attackers within a guest system could possibly exploit these

75

    vulnerabilities to execute code on the host system with elevated

76

    privileges or to cause a Denial of Service.

77

    </p>

78

  </impact>

79

  <workaround>

80

<p>

81

    There is no known workaround at this time.

82

    </p>

83

  </workaround>

84

  <resolution>

85

<p>

86

    All VMware Workstation users should upgrade to the latest version:

87

    </p>

88

    <code>

89

    # emerge --sync

90

    # emerge --ask --oneshot --verbose &quot;&gt;=app-emulation/vmware-workstation-5.5.5.56455&quot;</code>

91

<p>

92

    All VMware Player users should upgrade to the latest version:

93

    </p>

94

    <code>

95

    # emerge --sync

96

    # emerge --ask --oneshot --verbose &quot;&gt;=app-emulation/vmware-player-1.0.5.56455&quot;</code>

97

  </resolution>

98

  <references>

99

    <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0813">CVE-2004-0813</uri>

100

    <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3619">CVE-2006-3619</uri>

101

    <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4146">CVE-2006-4146</uri>

102

    <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4600">CVE-2006-4600</uri>

103

    <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0061">CVE-2007-0061</uri>

104

    <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0062">CVE-2007-0062</uri>

105

    <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0063">CVE-2007-0063</uri>

106

    <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1716">CVE-2007-1716</uri>

107

    <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4496">CVE-2007-4496</uri>

108

    <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4497">CVE-2007-4497</uri>

109

    <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5617">CVE-2007-5617</uri>

110

    <uri link="http://www.gentoo.org/security/en/glsa/glsa-200606-02.xml">GLSA-200606-02</uri>

111

    <uri link="http://www.gentoo.org/security/en/glsa/glsa-200702-06.xml">GLSA-200702-06</uri>

112

    <uri link="http://www.gentoo.org/security/en/glsa/glsa-200704-11.xml">GLSA-200704-11</uri>

113

    <uri link="http://www.gentoo.org/security/en/glsa/glsa-200705-15.xml">GLSA-200705-15</uri>

114

    <uri link="http://www.gentoo.org/security/en/glsa/glsa-200707-11.xml">GLSA-200707-11</uri>

115

    <uri link="http://lists.vmware.com/pipermail/security-announce/2007/000001.html">VMSA-2007-0006</uri>

116

  </references>

117

  <metadata tag="requester" timestamp="Wed, 07 Nov 2007 01:24:32 +0000">

118

rbu

119

  </metadata>

120

  <metadata tag="submitter" timestamp="Tue, 13 Nov 2007 02:06:33 +0000">

121

rbu

122

  </metadata>

123

  <metadata tag="bugReady" timestamp="Thu, 15 Nov 2007 23:43:42 +0000">

124

rbu

125

  </metadata>

126

</glsa>

--

131

gentoo-commits@g.o mailing list

1	py 07/11/18 21:06:35
2
3	Added: glsa-200711-23.xml
4	Log:
5	GLSA 200711-23
6
7	Revision Changes Path
8	1.1 xml/htdocs/security/en/glsa/glsa-200711-23.xml
9
10	file : http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/security/en/glsa/glsa-200711-23.xml?rev=1.1&view=markup
11	plain: http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/security/en/glsa/glsa-200711-23.xml?rev=1.1&content-type=text/plain
12
13	Index: glsa-200711-23.xml
14	===================================================================
15	<?xml version="1.0" encoding="utf-8"?>
16	<?xml-stylesheet href="/xsl/glsa.xsl" type="text/xsl"?>
17	<?xml-stylesheet href="/xsl/guide.xsl" type="text/xsl"?>
18	<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
19
20	<glsa id="200711-23">
21	<title>VMware Workstation and Player: Multiple vulnerabilities</title>
22	<synopsis>
23	VMware guest operating systems might be able to execute arbitrary code with
24	elevated privileges on the host operating system through multiple flaws.
25	</synopsis>
26	<product type="ebuild">vmware-workstation vmware-player</product>
27	<announced>November 18, 2007</announced>
28	<revised>November 18, 2007: 01</revised>
29	<bug>193196</bug>
30	<access>remote</access>
31	<affected>
32	<package name="app-emulation/vmware-workstation" auto="yes" arch="*">
33	<unaffected range="rge">5.5.5.56455</unaffected>
34	<unaffected range="ge">6.0.1.55017</unaffected>
35	<vulnerable range="lt">6.0.1.55017</vulnerable>
36	</package>
37	<package name="app-emulation/vmware-player" auto="yes" arch="*">
38	<unaffected range="rge">1.0.5.56455</unaffected>
39	<unaffected range="ge">2.0.1.55017</unaffected>
40	<vulnerable range="lt">2.0.1.55017</vulnerable>
41	</package>
42	</affected>
43	<background>
44	<p>
45	VMware Workstation is a virtual machine for developers and system
46	administrators. VMware Player is a freeware virtualization software
47	that can run guests produced by other VMware products.
48	</p>
49	</background>
50	<description>
51	<p>
52	Multiple vulnerabilities have been discovered in several VMware
53	products. Neel Mehta and Ryan Smith (IBM ISS X-Force) discovered that
54	the DHCP server contains an integer overflow vulnerability
55	(CVE-2007-0062), an integer underflow vulnerability (CVE-2007-0063) and
56	another error when handling malformed packets (CVE-2007-0061), leading
57	to stack-based buffer overflows or stack corruption. Rafal Wojtczvk
58	(McAfee) discovered two unspecified errors that allow authenticated
59	users with administrative or login privileges on a guest operating
60	system to corrupt memory or cause a Denial of Service (CVE-2007-4496,
61	CVE-2007-4497). Another unspecified vulnerability related to untrusted
62	virtual machine images was discovered (CVE-2007-5617).
63	</p>
64	<p>
65	VMware products also shipped code copies of software with several
66	vulnerabilities: Samba (GLSA-200705-15), BIND (GLSA-200702-06), MIT
67	Kerberos 5 (GLSA-200707-11), Vixie Cron (GLSA-200704-11), shadow
68	(GLSA-200606-02), OpenLDAP (CVE-2006-4600), PAM (CVE-2004-0813,
69	CVE-2007-1716), GCC (CVE-2006-3619) and GDB (CVE-2006-4146).
70	</p>
71	</description>
72	<impact type="normal">
73	<p>
74	Remote attackers within a guest system could possibly exploit these
75	vulnerabilities to execute code on the host system with elevated
76	privileges or to cause a Denial of Service.
77	</p>
78	</impact>
79	<workaround>
80	<p>
81	There is no known workaround at this time.
82	</p>
83	</workaround>
84	<resolution>
85	<p>
86	All VMware Workstation users should upgrade to the latest version:
87	</p>
88	<code>
89	# emerge --sync
90	# emerge --ask --oneshot --verbose ">=app-emulation/vmware-workstation-5.5.5.56455"</code>
91	<p>
92	All VMware Player users should upgrade to the latest version:
93	</p>
94	<code>
95	# emerge --sync
96	# emerge --ask --oneshot --verbose ">=app-emulation/vmware-player-1.0.5.56455"</code>
97	</resolution>
98	<references>
99	<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0813">CVE-2004-0813</uri>
100	<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3619">CVE-2006-3619</uri>
101	<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4146">CVE-2006-4146</uri>
102	<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4600">CVE-2006-4600</uri>
103	<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0061">CVE-2007-0061</uri>
104	<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0062">CVE-2007-0062</uri>
105	<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0063">CVE-2007-0063</uri>
106	<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1716">CVE-2007-1716</uri>
107	<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4496">CVE-2007-4496</uri>
108	<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4497">CVE-2007-4497</uri>
109	<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5617">CVE-2007-5617</uri>
110	<uri link="http://www.gentoo.org/security/en/glsa/glsa-200606-02.xml">GLSA-200606-02</uri>
111	<uri link="http://www.gentoo.org/security/en/glsa/glsa-200702-06.xml">GLSA-200702-06</uri>
112	<uri link="http://www.gentoo.org/security/en/glsa/glsa-200704-11.xml">GLSA-200704-11</uri>
113	<uri link="http://www.gentoo.org/security/en/glsa/glsa-200705-15.xml">GLSA-200705-15</uri>
114	<uri link="http://www.gentoo.org/security/en/glsa/glsa-200707-11.xml">GLSA-200707-11</uri>
115	<uri link="http://lists.vmware.com/pipermail/security-announce/2007/000001.html">VMSA-2007-0006</uri>
116	</references>
117	<metadata tag="requester" timestamp="Wed, 07 Nov 2007 01:24:32 +0000">
118	rbu
119	</metadata>
120	<metadata tag="submitter" timestamp="Tue, 13 Nov 2007 02:06:33 +0000">
121	rbu
122	</metadata>
123	<metadata tag="bugReady" timestamp="Thu, 15 Nov 2007 23:43:42 +0000">
124	rbu
125	</metadata>
126	</glsa>
127
128
129
130	--
131	gentoo-commits@g.o mailing list

Gentoo Archives: gentoo-commits