VMware patches ESX Server
VMware has published updates for its ESX Server series to eliminate three vulnerabilities. These include an error in the SNMPv3 implementation that has been known about since the middle of the year. This nullifies the authentication function, enabling attackers to access the Server. The update also eliminates a buffer overflow in the [codelibtiff[/code] graphics library] through which arbitrary code can be injected and executed by means of crafted TIFF files.
Installing the update also eliminates an error in the
libxml2 library that can crash applications accessing it. Not all of the errors are present in every version, however: a detailed overview is given in the original VMware Security Announcement, which also contains links to updates for the various versions.
- VMSA-2008-0017 Updated ESX packages for libxml2, ucd-snmp, libtiff, VMware Security Announcement