In the latest security advisory, VMware has released updates for both its ESX and ESXi hypervisor products that fixes four vulnerabilities that affect VMware ESXi 3.5, VMware ESX 3.5, VMware ESX 3.0.3 and VMware ESX 3.0.2.

One fix is for an issue with corrupted VMDK delta snapshots, which states that if a corrupted snapshot is loaded, it could cause a crash of the ESX host.

If the VMDK delta disk of a snapshot is corrupt, an ESX host might crash when the corrupted disk is loaded.  VMDK delta files exist for virtual machines with one or more snapshots. This change ensures that a corrupt VMDK delta file cannot be used to crash ESX hosts.

A corrupt VMDK delta disk, or virtual machine would have to be loaded by an administrator.
 

The Console's Net-SNMP package was fixed to remove a vulnerability to denial-of-service attacks.

Net-SNMP is an implementation of the Simple Network Management Protocol (SNMP). SNMP is used by network management systems to monitor hosts.

A denial-of-service flaw was found in the way Net-SNMP processes SNMP GETBULK requests. A remote attacker who issued a specially-crafted request could cause the snmpd server to crash.
 

The XML parser library, libxml2, was also fixed because it suffered from an integer overflow vulnerability.  A second bug fixed in the XML parser made it possible to place the application in an endless loop, by feeding it malformed XML.

An integer overflow flaw causing a heap-based buffer overflow was found in the libxml2 XML parser. If an application linked against libxml2 processed untrusted, malformed XML content, it could cause the application to crash or, possibly, execute arbitrary code. 

A denial of service flaw was discovered in the libxml2 XML parser. If an application linked against libxml2 processed untrusted, malformed XML content, it could cause the application to enter an infinite loop.

Find out more about these VMware Security Announcements, here.