VMware patches holes in its products
VMWare has released security updates for several of it's products. A hole in the libpng library allows crafted images to introduce and run arbitrary code. The vulnerable applications are VMware Workstation 6.5.x, VMware Player 2.5.x, VMware ACE 2.5.x and VMware Server 2.x and 1.x. Users of the server version will need to wait a bit as VMware are still working on a patch.
The update for the Windows version of ACE 2.5.x also contains an update of the Apache Web server to version 2.0.63 to eliminate several vulnerabilities.
- VMSA-2009-0010 VMware Hosted products update libpng and Apache HTTP Server, advisory from VMware.