Patches for VMware ESX and ESXi
VMware has released updates for the ESX server and ESXi hypervisor, to fix four vulnerabilities which affect VMware ESXi 3.5, VMware ESX 3.5, VMware ESX 3.0.3 and VMware ESX 3.0.2. One fix is for an issue with corrupted VMDK delta snapshots, which meant that if a corrupted snapshot was loaded, it was possible that it could crash the ESX host.
The net-snmp package was fixed to remove its vulnerability to denial-of-service attacks related to the processing of SNMP GETBULK commands. The XML parser library, libxml2, was also fixed as it suffered from an integer overflow vulnerability, which could cause a buffer overflow with a subsequent crash of the affected application, or potentially lead to execution of arbitrary code. A second bug fixed in the XML parser, made it possible to place the application in an endless loop, by feeding it malformed XML.
- VMSA-2009-0001 ESX patches address an issue loading corrupt virtual disks and update Service Console packages, VMWare security announcement