VMware

 

VMware Workstation 6.5.4 Release Notes

Workstation Version 6.5.4 | 2010/04/08 | Build 246459

Document last updated: 2010/04/08

These release notes cover the following topics:

What's New

Workstation 6.5.4 accepts both 20 character license keys from Workstation 6.5.x and 25 character license keys from Workstation 7.x.

Workstation 6.5.4 is a maintenance release that resolves security as well as some known issues.

Prior Releases of Workstation

Features from the prior releases of VMware Workstation are described in the following Release Notes:

Known Issues

Following are the known issues for Workstation 6.5.4:

  • In some instances, adding vmware-authd.exe process to the firewall exception list causes VMware Workstation 6.5.4 installation on a Windows 7 Ultimate 64-bit host to fail.
    Workaround: Launch the VMware Workstation 6.5.4 installer again.
  • In the Windows 7 Printers control panel, you might see only the default printer, even though other printers are available.
    Workaround: To view other printers, right-click the default printer and point to printer Properties option.
  • On Windows 64-bit hosts, when installing VMware Workstation in a directory path that contains non-ASCII characters, a warning message appears and the installation continues.
    Workaround: Install VMware Workstation in a directory path containing only ASCII characters to avoid the warning message.
  • On 64-bit hosts, linked clones created from third-party backup images (for example, Symantec Backup Exec System Recovery files, Acronis True Image files, or StorageCraft ShadowProtect files) fail at startup with the error message: Cannot write to third-party image.
  • Attempting to drag and drop a file in Unity mode on Windows 7 Ultimate hosts with Ubuntu 9.0.4 guests might cause the operation to fail.
  • Drag and drop or copy and paste from a Windows XP guest to a 64-bit Ubuntu 9.04 host might fail with the error message: Error while copying.
  • When performing a drag and drop operation from the latest version of a Windows guest to a Ubuntu 9.0.4 host in Unity mode, an error message appears: The source and destination file names are the same. After canceling the error message, you can drop the file successfully.
  • If a guest is powered off while a drag and drop operation from a guest to a Linux host is in progress, drag and drop fails after the guest is restarted.
    Workaround: Restart the host.
  • Enabling Assistive Technology on a 64-bit SUSE Linux Enterprise Server 10.1 host prevents the Workstation from starting.
  • When converting Windows 2000 or Windows Server 2003, the Server License Information selected in the Conversion Wizard is not used, as a result, the default licensing mode is used in the guest.
  • On an Ubuntu 9.04 host, launching a Java application in a virtual machine that uses the Workstation Eclipse debugger plug-in, might cause Eclipse to crash.
  • VMX hangs in an ATI fglrx driver on an Ubuntu 9.04 host.

Top of Page

Resolved Issues

Workstation 6.5.4 release resolves the following issues:

Security Fixes

  • Windows-based VMware Tools Unsafe Library Loading vulnerability
    A vulnerability in the way VMware libraries are referenced allows for arbitrary code execution in the context of the logged on user. This vulnerability is present only on Windows Guest Operating Systems.

    The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2010-1141 to this issue.
  • Windows-based VMware Tools Arbitrary Code Execution vulnerability
    A vulnerability in the way VMware executables are loaded allows for arbitrary code execution in the context of the logged on user. This vulnerability is present only on Windows Guest Operating Systems.

    The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2010-1142 to this issue.
  • Third party library update for libpng to version 1.2.37
    libpng through 1.2.35 contain an uninitialized-memory-read bug that may have security implications. Specifically, 1-bit (2-color) interlaced images whose widths are not divisible by 8 may result in several uninitialized bits at the end of certain rows in certain interlace passes being returned to the user. An application that failed to mask these out-of-bounds pixels might display or process them, albeit presumably with benign results in most cases.

    The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2009-2042 to this issue.
  • VMware VMnc Codec heap and integer overflow vulnerabilities
    The VMware movie decoder contains the VMnc media codec that is required to play back movies recorded with VMware Workstation, VMware Player, and VMware ACE, in any compatible media player. The movie decoder is installed as part of VMware Workstation, VMware Player, and VMware ACE, or can be downloaded as a standalone package.

    Exploitation of these vulnerabilities results in the execution of arbitrary code with the privileges of the user running an application utilizing the vulnerable codec. This vulnerability is only present on Windows-based hosts.

    The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2009-1564 (heap overflow) and CVE-2009-1565 (integer overflow) to these issues.
  • Windows-based VMware authd remote denial of service
    A vulnerability in vmware-authd.exe could cause a denial of service condition on Windows-based hosts. The denial of service is limited to a crash of authd. This vulnerability is only present on Windows-based hosts.

    The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2009-3707 to this issue.
  • Potential information leak via hosted networking stack
    A vulnerability in the virtual networking stack of VMware hosted products could allow host information disclosure.

    The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2010-1138 to this issue.
  • vmrun format string vulnerability
    A format string vulnerability in vmrun could allow arbitrary code execution. This vulnerability is only present on Linux-based hosts.

    The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2010-1139 to this issue.

Miscellaneous

  • When the guest issues an invalid request against the LSI emulation code, it causes the virtual machine to fail with an error message NOT_IMPLEMENTED devices/lsilogic/lsilogic_monitor.c:779 bugNr=71018.
  • When you install or uninstall Workstation 6.5.3, the Windows Firewall service settings switch to Automatic and started even if the settings were manually set to Disabled and stopped.
  • On Linux hosts that have faster timer frequency than the guest, powering on a virtual machine fails with the error message The host high-resolution timer device (/dev/rtc) is not available Permission denied). Without this device, the guest operating system can fail to keep time correctly. For more information, see http://vmware.com/info?id=34.
  • Easy Install does not work for 32-bit and 64-bit FreeBSD 7.1 guests.

Top of Page