Virtualization Technology News and Information
Article
RSS
VMware Updates Workstation Product to 6.0.1

VMware has announced a minor dot upgrade to its desktop virtualization software - VMware Workstation 6.0.1, build 55017.  The update contains the following: 

Updated Support for Host and Guest Operating Systems

Workstation 6.0.1 adds experimental support for the following operating systems:

  • 32-bit and 64-bit Windows Server 2008 (code name Longhorn) as host and guest operating systems
  • 32-bit and 64-bit SUSE Linux Enterprise Server 10 SP1 as host and guest operating systems
  • 32-bit and 64-bit openSUSE Linux 10.3 as host and guest operating systems
  • 32-bit and 64-bit Turbolinux 10 Server as a guest operating system

Workstation 6.0.1 adds full support for the following operating systems:

  • 32-bit and 64-bit Ubuntu Linux 7.04 as host and guest operating systems
  • 32-bit and 64-bit Red Hat Enterprise Linux 4.5 (formerly called 4.0 Update 5) as host and guest operating systems
  • 32-bit and 64-bit FreeBSD 6.2 as a guest operating system

This release also includes the following new features:

  • Enablement for Japanese Product Versions
    For more information, see the Japanese release notes.
    Note: Technical Support services for VMware Workstation are currently delivered in English. Japanese-speaking support engineers are available in a limited capacity during the operating hours of the local support center. For more information, see VMware local language support.
  • User Interface for Collecting Support Data — You can now click a button in the Workstation Help > About dialog box to gather troubleshooting data for VMware Technical Support. Previously, you had to run the script from the command line.

Workstation 6.0.1 addresses the following security issues:

  • This release fixes a problem that prevented VMware Player from launching. This problem was accompanied by the error message VMware Player unrecoverable error: (player) Exception 0xc0000005 (access violation) has occurred. This problem could result in a security vulnerability from some images stored in virtual machines downloaded by the user.
  • This release fixes several security vulnerabilities in the VMware DHCP server that could enable a malicious web page to gain system-level privileges.
    Thanks to Neel Mehta and Ryan Smith of the IBM Internet Security Systems X-Force for discovering and researching these vulnerabilities.
    The Common Vulnerabilities and Exposures project (cve.mitre.org) assigned the following names to these issues: CVE-2007-0061, CVE-2007-0062, CVE-2007-0063.
  • This release fixes a security vulnerability that could allow a malicious remote user to exploit the library file IntraProcessLogging.dll to overwrite files in a system.
    Thanks to the Goodfellas Security Research Team for discovering and researching these vulnerabilities.
    The Common Vulnerabilities and Exposures project (cve.mitre.org) assigned the following name to this issue: CVE-2007-4059.
  • This release fixes a security vulnerability that could allow a malicious remote user to exploit the library file vielib.dll to overwrite files in a system.
    Thanks to the Goodfellas Security Research Team for discovering and researching these vulnerabilities.
    The Common Vulnerabilities and Exposures project (cve.mitre.org) assigned the following names to this issue: CVE-2007-4155.
  • This release fixes a security vulnerability that could allow a guest operating system user with administrative privileges to cause memory corruption in a host process, and thus potentially execute arbitrary code on the host. The Common Vulnerabilities and Exposures project (cve.mitre.org) assigned the following name to this issue: CVE-2007-4496.
    Thanks to Rafal Wojtczvk of McAfee for identifying and reporting this issue.
  • This release fixes a security vulnerability that could allow a guest operating system user without administrator privileges to cause a host process to become unresponsive or exit unexpectedly, making the guest operating system unusable. The Common Vulnerabilities and Exposures project (cve.mitre.org) assigned the following name to this issue: CVE-2007-4497.
    Thanks to Rafal Wojtczvk of McAfee for identifying and reporting this issue.
  • This release fixes a security vulnerability in which Workstation was starting registered Windows services such as the Authorization service with "bare" (unquoted) paths, such as c:\program files\vmware\.... Applications and services in Windows must be started with a quoted path. This vulnerability could allow a malicious user to escalate user privileges.
    Thanks to Foundstone for discovering this vulnerability.

You can download it, here.

Published Wednesday, September 19, 2007 6:30 AM by David Marshall
Comments
There are no comments for this post.
To post a comment, you must be a registered user. Registration is free and easy! Sign up now!
top25
Calendar
<September 2007>
SuMoTuWeThFrSa
2627282930311
2345678
9101112131415
16171819202122
23242526272829
30123456