Patches were released yesterday to fix a DoS vulnerability and potential arbitrary code execution. Here are the two vulnerabilities: 1. VMWare Descheduled Time Accounting driver: The issue affects the VMWare Descheduled Time Accounting driver and can cause a denial of service in Windows based virtual machines on the vulnerable versions. This driver is an optional (non- - The virtual machine is running a Windows operating system. 2. libpng package for the ESX 2.5.5 Service Console The libpng package is used for creating and manipulating PNG (Portable Network Graphics) image format files. A crafted PNG file loaded by an application and linked against libpng could cause the application to crash or to allow arbitrary code execution that would run with the priveleges of the user that is using the application. Another flaw addresses PNG images that contain "unknown" chunks. If an application linked against libpng
|
Lorna 165 Posts ISC Handler May 29th 2009 |
Thread locked Subscribe |
May 29th 2009 1 decade ago |
Sign Up for Free or Log In to start participating in the conversation!