VMware GSX Server 2.0.1 Release and Security Alert
From: DONALD.MULLER@JPMCHASE.COMDate: 08/06/02
- Previous message: 3APA3A: "SECURITY.NNOV: Windows 2000 system partition weak default permissions"
- Next in thread: Jeffrey Altman: "Re: VMware GSX Server 2.0.1 Release and Security Alert"
- Reply: Jeffrey Altman: "Re: VMware GSX Server 2.0.1 Release and Security Alert"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 5 Aug 2002 22:54:01 -0400 From: DONALD.MULLER@JPMCHASE.COM To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
VMware has released a patch for buffer overflow conditions and other bug
fixes and improvements for their GSX Server version 2.0.0.
Dear VMware GSX Server Customer,
VMware has released VMware GSX Server 2.0.1 build 2129 for both
Windows and Linux platforms. This release incorporates critical
security fixes. We strongly urge all users of GSX Server 2.0 to
download and install the 2.0.1 update.
What is new in VMware GSX Server 2.0.1?
---------------------------------------
VMware GSX Server 2.0.1 includes:
- A fix for the VMware Authorization Server buffer overflow
vulnerability published to the BugTraq mailing list on July 24,
2002 (see http://online.securityfocus.com/archive/1/284020).
This vulnerability exists only in GSX Server 2.0.0 (for Windows)
build 2050. The vmware-authd.exe patch posted to our Web site on
July 25, 2002 is incorporated into this release.
- An updated version of OpenSSL with fixes for the buffer
overflow vulnerabilities reported in CERT Advisory CA-2002-23
(http://www.cert.org/advisories/CA-2002-23.html). This
vulnerability exists in the Windows and Linux versions of GSX
Server 2.0.0 build 2050.
- Improved VMware Scripting API sample scripts in the VmCOM and
VmPerl API packages.
- Corrections for issues with the vmware-cmd utility.
- Fixes for a VMware Remote Console memory leak on exit that could
cause the remote console client to run low on memory after many
sessions.
- Pre-built modules for TurboLinux 8.0 and SuSE Linux Enterprise
Server 7 update.
- Various other bug fixes and documentation improvements.
For a more details on new features, please go to:
http://www.vmware.com/support/gsx2/doc/whatsnew_gsx.html
How do I download VMware GSX Server 2.0.1?
------------------------------------------
Registered GSX Server 2.0 customers and active evaluators can
download GSX Server 2.0.1 from:
http://www.vmware.com/download/gsx_download.html
You will need to log in with your registered VMware email address
and password.
If you are a GSX Server 2.0 evaluator and your 10-day download access
period has expired, please note that we have extended your download
access through August 9 so that you may install the 2.0.1 release.
Installation instructions are available at:
http://www.vmware.com/support/gsx2/doc/install_gsx.html
Thank you for your attention to this important VMware GSX Server 2.0
security update.
Regards,
The VMware Team
- Previous message: 3APA3A: "SECURITY.NNOV: Windows 2000 system partition weak default permissions"
- Next in thread: Jeffrey Altman: "Re: VMware GSX Server 2.0.1 Release and Security Alert"
- Reply: Jeffrey Altman: "Re: VMware GSX Server 2.0.1 Release and Security Alert"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
