Security update for VMware
VMware has issued updates to fix vulnerabilities in a number of its virtualisation solutions. One problem affecting virtually all products, with the exception of older versions of ESX(i) Server, is that a malicious request sent from a guest operating system to the virtual hardware can cause the virtual hardware to write to uncontrolled physical memory.
VMWare doesn't say if this could be exploited, but the system is likely to become unstable as a result. VMware therefore rates the vulnerability as critical.
An update for the ESX and ESXi server also fixes a problem in the bzip2 (de)compression program, which crashes when attempting to decompress malformed archives and can then also cause applications linked to the libbz2 library to crash. The original manufacturer's report contains links to all of the updates for each product.
See also:
- VMSA-2008-0019 VMware Hosted products and patches for ESX and ESXi resolve a critical security issue and update bzip2, report from VMware
(djwm)