VMware Player 2.5.4 Release Notes

• What's New
• Prior Releases
• Known Issues
• Resolved Issues

What's New

VMware Player 2.5.4 is a maintenance release that resolves security as well as some known issues.

Prior Releases of VMware Player

Features from the prior releases of VMware Player are described in the following Release Notes:

• Player 2.5.3 Release Notes
• Player 2.5.2 Release Notes
• Player 2.5.1 Release Notes
• Player 2.5.0 Release Notes

Known Issues

Following are the known issues for VMware Player 2.5.4:

• In the Windows 7 Printers control panel, you might see only the default printer, even though other printers are available.
  Workaround: To view other printers, right-click the default printer and point to printer Properties option.
• On Windows 64-bit hosts, when installing VMware Workstation in a directory path that contains non-ASCII characters, a warning message appears and the installation continues.
  Workaround: Install VMware Workstation in a directory path containing only ASCII characters to avoid the warning message.
• Attempting to drag and drop a file in Unity mode on Windows 7 Ultimate hosts with Ubuntu 9.0.4 guests might cause the operation to fail.
• Drag and drop or copy and paste operations from a Windows XP guest to a 64-bit Ubuntu 9.04 host might produce the following error message: Error while copying.
• When performing a drag and drop operation from the latest version of a Windows guest to a Ubuntu 9.0.4 host in Unity mode, an error message appears: The source and destination file names are the same. After cancelling the error message, you can drop the file successfully.
• You will receive an error message after cancelling a drag and drop operation from the latest Windows guest to an Ubuntu 9.04 Desktop host.
• If a guest is powered off while a drag and drop operation from a guest to a Linux host is in progress, drag and drop fails after the guest is restarted.
  Workaround: Restart the host.
• Enabling Assistive Technology on a 64-bit SUSE Linux Enterprise Server 10.1 host prevents the Player from starting.
• VMX hangs in an ATI fglrx driver on an Ubuntu 9.04 host.

Top of Page

Resolved Issues

VMware Player 2.5.4 release resolves the following issues:

Security Fixes

• Windows-based VMware Tools Unsafe Library Loading vulnerability
  A vulnerability in the way VMware libraries are referenced allows for arbitrary code execution in the context of the logged on user. This vulnerability is present only on Windows Guest Operating Systems.
  
  The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2010-1141 to this issue.
• Windows-based VMware Tools Arbitrary Code Execution vulnerability
  A vulnerability in the way VMware executables are loaded allows for arbitrary code execution in the context of the logged on user. This vulnerability is present only on Windows Guest Operating Systems.
  
  The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2010-1142 to this issue.
• Windows-based VMware Workstation and Player host privilege escalation
  A local attacker on the host of a Windows-based Operating System where VMware Workstation or VMware Player is installed could plant a malicious executable on the host and elevate their privileges.
  
  The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2010-1140 to this issue.
• Third party library update for libpng to version 1.2.37
  libpng through 1.2.35 contain an uninitialized-memory-read bug that may have security implications. Specifically, 1-bit (2-color) interlaced images whose widths are not divisible by 8 may result in several uninitialized bits at the end of certain rows in certain interlace passes being returned to the user. An application that failed to mask these out-of-bounds pixels might display or process them, albeit presumably with benign results in most cases.
  
  The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2009-2042 to this issue.
• VMware VMnc Codec heap and integer overflow vulnerabilities
  The VMware movie decoder contains the VMnc media codec that is required to play back movies recorded with VMware Workstation, VMware Player, and VMware ACE, in any compatible media player. The movie decoder is installed as part of VMware Workstation, VMware Player, and VMware ACE, or can be downloaded as a standalone package.
  
  Exploitation of these vulnerabilities results in the execution of arbitrary code with the privileges of the user running an application utilizing the vulnerable codec. This vulnerability is only present on Windows-based hosts.
  
  The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2009-1564 (heap overflow) and CVE-2009-1565 (integer overflow) to these issues.
• Windows-based VMware authd remote denial of service
  A vulnerability in vmware-authd.exe could cause a denial of service condition on Windows-based hosts. The denial of service is limited to a crash of authd. This vulnerability is only present on Windows-based hosts.
  
  The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2009-3707 to this issue.
• Potential information leak via hosted networking stack
  A vulnerability in the virtual networking stack of VMware hosted products could allow host information disclosure.
  
  The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2010-1138 to this issue.

Miscellaneous

• When the guest issues an invalid request against the LSI emulation code, it causes the virtual machine to fail with an error message NOT_IMPLEMENTED devices/lsilogic/lsilogic_monitor.c:779 bugNr=71018.
• On Linux hosts that have faster timer frequency than the guest, powering on a virtual machine fails with the error message The host high-resolution timer device (/dev/rtc) is not available Permission denied). Without this device, the guest operating system can fail to keep time correctly. For more information, see http://vmware.com/info?id=34.

Top of Page