Gentoo Archives: gentoo-commits

From: "Sean Amoss (ackle)" <ackle@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] gentoo commit in xml/htdocs/security/en/glsa: glsa-201209-25.xml
Date: Sat, 29 Sep 2012 13:14:14
Message-Id: 20120929131404.230ED21600@flycatcher.gentoo.org
1 ackle 12/09/29 13:14:04
2
3 Added: glsa-201209-25.xml
4 Log:
5 GLSA 201209-25
6
7 Revision Changes Path
8 1.1 xml/htdocs/security/en/glsa/glsa-201209-25.xml
9
10 file : http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/security/en/glsa/glsa-201209-25.xml?rev=1.1&view=markup
11 plain: http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/security/en/glsa/glsa-201209-25.xml?rev=1.1&content-type=text/plain
12
13 Index: glsa-201209-25.xml
14 ===================================================================
15 <?xml version="1.0" encoding="UTF-8"?>
16 <?xml-stylesheet href="/xsl/glsa.xsl" type="text/xsl"?>
17 <?xml-stylesheet href="/xsl/guide.xsl" type="text/xsl"?>
18 <!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
19 <glsa id="201209-25">
20 <title>VMware Player, Server, Workstation: Multiple vulnerabilities</title>
21 <synopsis>Multiple vulnerabilities have been found in VMware Player, Server,
22 and Workstation, allowing remote and local attackers to conduct several
23 attacks, including privilege escalation, remote execution of arbitrary
24 code, and a Denial of Service.
25 </synopsis>
26 <product type="ebuild">vmware-server vmware-player vmware-workstation</product>
27 <announced>September 29, 2012</announced>
28 <revised>September 29, 2012: 2</revised>
29 <bug>213548</bug>
30 <bug>224637</bug>
31 <bug>236167</bug>
32 <bug>245941</bug>
33 <bug>265139</bug>
34 <bug>282213</bug>
35 <bug>297367</bug>
36 <bug>335866</bug>
37 <bug>385727</bug>
38 <access>local, remote</access>
39 <affected>
40 <package name="app-emulation/vmware-player" auto="yes" arch="*">
41 <vulnerable range="le">2.5.5.328052</vulnerable>
42 </package>
43 <package name="app-emulation/vmware-workstation" auto="yes" arch="*">
44 <vulnerable range="le">6.5.5.328052</vulnerable>
45 </package>
46 <package name="app-emulation/vmware-server" auto="yes" arch="*">
47 <vulnerable range="le">1.0.9.156507</vulnerable>
48 </package>
49 </affected>
50 <background>
51 <p>VMware Player, Server, and Workstation allow emulation of a complete PC
52 on a PC without the usual performance overhead of most emulators.
53 </p>
54 </background>
55 <description>
56 <p>Multiple vulnerabilities have been discovered in VMware Player, Server,
57 and Workstation. Please review the CVE identifiers referenced below for
58 details.
59 </p>
60 </description>
61 <impact type="high">
62 <p>Local users may be able to gain escalated privileges, cause a Denial of
63 Service, or gain sensitive information.
64 </p>
65
66 <p>A remote attacker could entice a user to open a specially crafted file,
67 possibly resulting in the remote execution of arbitrary code, or a Denial
68 of Service. Remote attackers also may be able to spoof DNS traffic, read
69 arbitrary files, or inject arbitrary web script to the VMware Server
70 Console.
71 </p>
72
73 <p>Furthermore, guest OS users may be able to execute arbitrary code on the
74 host OS, gain escalated privileges on the guest OS, or cause a Denial of
75 Service (crash the host OS).
76 </p>
77 </impact>
78 <workaround>
79 <p>There is no known workaround at this time.</p>
80 </workaround>
81 <resolution>
82 <p>Gentoo discontinued support for VMware Player. We recommend that users
83 unmerge VMware Player:
84 </p>
85
86 <code>
87 # emerge --unmerge "app-emulation/vmware-player"
88 </code>
89
90 <p>NOTE: Users could upgrade to
91 “&gt;=app-emulation/vmware-player-3.1.5”, however these packages are
92 not currently stable.
93 </p>
94
95 <p>Gentoo discontinued support for VMware Workstation. We recommend that
96 users unmerge VMware Workstation:
97 </p>
98
99 <code>
100 # emerge --unmerge "app-emulation/vmware-workstation"
101 </code>
102
103 <p>NOTE: Users could upgrade to
104 “&gt;=app-emulation/vmware-workstation-7.1.5”, however these packages
105 are not currently stable.
106 </p>
107
108 <p>Gentoo discontinued support for VMware Server. We recommend that users
109 unmerge VMware Server:
110 </p>
111
112 <code>
113 # emerge --unmerge "app-emulation/vmware-server"
114 </code>
115 </resolution>
116 <references>
117 <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5269">CVE-2007-5269</uri>
118 <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5503 ">
119 CVE-2007-5503
120 </uri>
121 <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5671 ">
122 CVE-2007-5671
123 </uri>
124 <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0967 ">
125 CVE-2008-0967
126 </uri>
127 <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1340 ">
128 CVE-2008-1340
129 </uri>
130 <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1361 ">
131 CVE-2008-1361
132 </uri>
133 <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1362 ">
134 CVE-2008-1362
135 </uri>
136 <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1363 ">
137 CVE-2008-1363
138 </uri>
139 <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1364 ">
140 CVE-2008-1364
141 </uri>
142 <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1392 ">
143 CVE-2008-1392
144 </uri>
145 <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1447 ">
146 CVE-2008-1447
147 </uri>
148 <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1806 ">
149 CVE-2008-1806
150 </uri>
151 <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1807 ">
152 CVE-2008-1807
153 </uri>
154 <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1808 ">
155 CVE-2008-1808
156 </uri>
157 <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2098 ">
158 CVE-2008-2098
159 </uri>
160 <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2100 ">
161 CVE-2008-2100
162 </uri>
163 <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2101 ">
164 CVE-2008-2101
165 </uri>
166 <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4915 ">
167 CVE-2008-4915
168 </uri>
169 <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4916 ">
170 CVE-2008-4916
171 </uri>
172 <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4917 ">
173 CVE-2008-4917
174 </uri>
175 <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0040 ">
176 CVE-2009-0040
177 </uri>
178 <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0909 ">
179 CVE-2009-0909
180 </uri>
181 <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0910 ">
182 CVE-2009-0910
183 </uri>
184 <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1244">CVE-2009-1244</uri>
185 <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2267 ">
186 CVE-2009-2267
187 </uri>
188 <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3707 ">
189 CVE-2009-3707
190 </uri>
191 <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3732 ">
192 CVE-2009-3732
193 </uri>
194 <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3733 ">
195 CVE-2009-3733
196 </uri>
197 <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4811 ">
198 CVE-2009-4811
199 </uri>
200 <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1137 ">
201 CVE-2010-1137
202 </uri>
203 <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1138 ">
204 CVE-2010-1138
205 </uri>
206 <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1139 ">
207 CVE-2010-1139
208 </uri>
209 <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1140 ">
210 CVE-2010-1140
211 </uri>
212 <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1141 ">
213 CVE-2010-1141
214 </uri>
215 <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1142 ">
216 CVE-2010-1142
217 </uri>
218 <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1143 ">
219 CVE-2010-1143
220 </uri>
221 <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3868">CVE-2011-3868</uri>
222 </references>
223 <metadata tag="requester" timestamp="Fri, 07 Oct 2011 23:37:01 +0000">system</metadata>
224 <metadata tag="submitter" timestamp="Sat, 29 Sep 2012 13:12:45 +0000">ackle</metadata>
225 </glsa>
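
Review bot: The `link` attribute on most `<uri>` entries in `<references>` ends with a space before the closing quote (for example `cvename=CVE-2007-5503 "`), while the entries for CVE-2007-5269, CVE-2009-1244 and CVE-2011-3868 do not. Strip the trailing space and write each entry on one line like those three, so the NVD links carry no stray whitespace and the list is consistent. Separately, the resolution notes name `>=app-emulation/vmware-player-3.1.5` and `>=app-emulation/vmware-workstation-7.1.5` as possible upgrades, but `<affected>` has only `vulnerable range="le"` entries for 2.5.5.328052 and 6.5.5.328052 and says nothing about those newer versions; consider stating their status in `<affected>` or explaining the gap in the resolution text.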