Security Advisories are the official notification of security-related vulnerabilities and issues impacting VMware products. Security Advisories outline complete information on how to protect impacted systems. Each advisory contains a detailed description of the security vulnerability, affected systems, threat severity, risk mitigation techniques for fixing the vulnerability and securing the system.
VMware Security Advisories
January 29, 2010 VMSA-2010-0002
VMware vCenter update release addresses multiple security issues in Java JRE
December 15, 2009 VMSA-2009-0017
VMware vCenter, ESX patch and vCenter Lab Manager releases address cross-site scripting issues
November 20, 2009 VMSA-2009-0016.2
VMware vCenter and ESX update release and vMA patch release address multiple security issues in third party components.
October 16, 2009 VMSA-2009-0014.2
VMware ESX patches for DHCP, Service Console kernel, and JRE resolve multiple security issues
September 4, 2009 VMSA-2009-0012
VMware Movie Decoder, VMware Workstation, VMware Player, and VMware ACE resolve security issues.
August 31, 2009 VMSA-2009-0011
VMware Studio 2.0 addresses a security issue in the public beta version of Studio 2.0
April 10, 2009 VMSA-2009-0006
VMware Hosted products and patches for ESX and ESXi resolve a critical security vulnerability
April 3, 2009 VMSA-2009-0005
VMware Hosted products, VI Client and patches for ESX and ESXi resolve multiple security issues
February 23, 2009 VMSA-2009-0002.2
Updated VMware VirtualCenter Update 4 and ESX patch update Tomcat packages.
January 30, 2009 VMSA-2009-0001.1
ESX patches address an issue loading corrupt virtual disks and update Service Console packages
December 3, 2008 VMSA-2008-0019.1
VMware Hosted products and patches for ESX and ESXi resolve a critical security issue and update bzip2
November 6, 2008 VMSA-2008-0018
VMware Hosted products and patches for ESX and ESXi resolve two security issues
October 3, 2008 VMSA-2008-0016.2
VMware Hosted products, VirtualCenter Update 3 and patches for ESX and ESXi resolve multiple security issues
September 18, 2008 VMSA-0008-0015
Updated ESXi and ESX 3.5 packages address critical security issue in openwsman
September 2, 2008 VMSA-2008-0014.3
Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX, VMware VCB address information disclosure, privilege escalation and other security issues.
August 12, 2008 VMSA-2008-0012
Updated VirtualCenter addresses User Account Disclosure Vulnerability
June 16, 2008 VMSA-2008-0010.3
Updated Tomcat and Java JRE packages for VMware ESX 3.5 and VirtualCenter
June 4, 2008 VMSA-2008-0009.2
Updates to VMware Workstation, VMware Player, VMware ACE, VMware Fusion, VMware Server, VMware VIX API, VMware ESX, VMware ESXi resolve critical security issues
May 30, 2008 VMSA-2008-0008
Updates to VMware Workstation, VMware Player, VMware ACE, VMware Fusion resolve critical security issues
April 16, 2008 VMSA-2008-0007.2
Moderate Updated Service Console packages pcre, net-snmp, and OpenPegasus
March 17, 2008 VMSA-2008-0005.1
Several critical security vulnerabilities have been addressed in the newest releases of VMware's hosted product line.
February 21, 2008 VMSA-2008-0003.1
Updated aacraid driver and Samba and Python service console updates
January 7, 2008 VMSA-2008-0002.1
Updated Tomcat and Java JRE packages for VirtualCenter 2.5, VirtualCenter 2.0.2, ESX 3.5, ESX 3.0.2, and ESX 3.0.1.
September 18, 2007 VMSA-2007-0006
Updated versions of all supported hosted products and all ESX 2x products and patches for ESX 30x address critical security updates. Service Console security updates for samba, bind, krb5, vixie-cron, shadow-utils, openldap, pam,...
July 5, 2007 VMSA-2007-0005
Updated Service Console packages (XFree86, UP and SMP kernels, Kerberos libraries) resolve security issues.
May 17, 2007 VMSA-2007-0004.1
Multiple Denial-of-Service issues fixed. A directory traversal vulnerability is also addressed.
