VMware ACE 2.5.4 Release Notes
VMware ACE Version 2.5.4 | 2010/04/08 | Build 246459
Document Last Updated: 2010/04/08 |
These release notes cover the following topics:
Prior Releases
Features from the prior releases of VMware ACE are described in the following release notes:
Known Issues
VMware ACE includes the known issues
listed in the Workstation 6.5.4 Release Notes.
Resolved Issues
The following issues are resolved in VMware ACE 2.5.4:
Security Fixes
- Windows-based VMware Tools Unsafe Library Loading vulnerability
A vulnerability in the way VMware libraries are referenced allows
for arbitrary code execution in the context of the logged on user.
This vulnerability is present only on Windows Guest Operating
Systems.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2010-1141 to this issue.
- Windows-based VMware Tools Arbitrary Code Execution vulnerability
A vulnerability in the way VMware executables are loaded allows for
arbitrary code execution in the context of the logged on user. This
vulnerability is present only on Windows Guest Operating Systems.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2010-1142 to this issue.
- Third party library update for libpng to version 1.2.37
libpng through 1.2.35 contain an uninitialized-memory-read bug
that may have security implications. Specifically, 1-bit (2-color)
interlaced images whose widths are not divisible by 8 may result in
several uninitialized bits at the end of certain rows in certain
interlace passes being returned to the user. An application that
failed to mask these out-of-bounds pixels might display or process
them, albeit presumably with benign results in most cases.
The Common Vulnerabilities and Exposures Project (cve.mitre.org)
has assigned the name CVE-2009-2042 to this issue.
- VMware VMnc Codec heap and integer overflow vulnerabilities
The VMware movie decoder contains the VMnc media codec that is
required to play back movies recorded with VMware Workstation,
VMware Player, and VMware ACE, in any compatible media player. The
movie decoder is installed as part of VMware Workstation, VMware
Player, and VMware ACE, or can be downloaded as a standalone
package.
Exploitation of these vulnerabilities results in the execution of
arbitrary code with the privileges of the user running an
application utilizing the vulnerable codec. This vulnerability is only
present on Windows-based hosts.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the names CVE-2009-1564 (heap overflow) and
CVE-2009-1565 (integer overflow) to these issues.
- Windows-based VMware authd remote denial of service
A vulnerability in vmware-authd.exe could cause a denial
of service condition on Windows-based hosts. The denial of service
is limited to a crash of authd. This vulnerability is only
present on Windows-based hosts.
The Common Vulnerabilities and Exposures Project (cve.mitre.org)
has assigned the name CVE-2009-3707 to this issue.
- Potential information leak via hosted networking stack
A vulnerability in the virtual networking stack of VMware hosted
products could allow host information disclosure.
The Common Vulnerabilities and Exposures Project (cve.mitre.org)
has assigned the name CVE-2010-1138 to this issue.
Miscellaneous
-
When the guest issues an invalid request against the LSI emulation code, it causes the virtual machine to fail with an error message NOT_IMPLEMENTED devices/lsilogic/lsilogic_monitor.c:779 bugNr=71018.
-
On Linux hosts that have faster timer frequency than the guest, powering on a virtual machine fails with the error message The host high-resolution timer device (/dev/rtc) is not available Permission denied). Without this device, the guest operating system can fail to keep time correctly. For more information, see http://vmware.com/info?id=34.
-
Easy Install does not work for 32-bit and 64-bit FreeBSD 7.1 guests.
VMware ACE includes the resolved issues listed in the Workstation 6.5.4 Release Notes.
Top of Page
|