Security updates for VMware
VMware has released security updates to fix a denial of service (DoS) vulnerability in its Descheduled Time Accounting driver. The vulnerability only affects Windows versions of the VMware software. The affected driver is an optional part of the VMware Tools installation and is an experimental service to improve guest operating system performance. VMware does not provide any further details. All VMware products are affected by the vulnerability. The driver will not be included in future VMware products, starting with Fusion 2.0.2 and ESX 4.0.
Another update was released for ESX 2.5.5 that addresses two security vulnerabilities in the libpng graphics library that could allow an attacker to crash a system and potentially execute arbitrary code.
See also:
- VMSA-2009-0007, advisory from VMware.
(crve)