VMware ACE 2.5.4 Release Notes

VMware ACE Version 2.5.4 | 2010/04/08 | Build 246459

Document Last Updated: 2010/04/08

Prior Releases

Features from the prior releases of VMware ACE are described in the following release notes:

Known Issues

VMware ACE includes the known issues listed in the Workstation 6.5.4 Release Notes.

Resolved Issues

The following issues are resolved in VMware ACE 2.5.4:

Security Fixes

  • Windows-based VMware Tools Unsafe Library Loading vulnerability
    A vulnerability in the way VMware libraries are referenced allows for arbitrary code execution in the context of the logged on user. This vulnerability is present only on Windows Guest Operating Systems.

    The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2010-1141 to this issue.
  • Windows-based VMware Tools Arbitrary Code Execution vulnerability
    A vulnerability in the way VMware executables are loaded allows for arbitrary code execution in the context of the logged on user. This vulnerability is present only on Windows Guest Operating Systems.

    The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2010-1142 to this issue.
  • Third party library update for libpng to version 1.2.37
    libpng versions through 1.2.35 contain an uninitialized-memory-read bug that may have security implications. Specifically, 1-bit (2-color) interlaced images whose widths are not divisible by 8 may result in several uninitialized bits at the end of certain rows in certain interlace passes being returned to the user. An application that failed to mask these out-of-bounds pixels might display or process them, albeit presumably with benign results in most cases.

    The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2009-2042 to this issue.
  • VMware VMnc Codec heap and integer overflow vulnerabilities
    The VMware movie decoder contains the VMnc media codec that is required to play back movies recorded with VMware Workstation, VMware Player, and VMware ACE, in any compatible media player. The movie decoder is installed as part of VMware Workstation, VMware Player, and VMware ACE, or can be downloaded as a standalone package.

    Exploitation of these vulnerabilities results in the execution of arbitrary code with the privileges of the user running an application utilizing the vulnerable codec. This vulnerability is only present on Windows-based hosts.

    The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2009-1564 (heap overflow) and CVE-2009-1565 (integer overflow) to these issues.
  • Windows-based VMware authd remote denial of service
    A vulnerability in vmware-authd.exe could cause a denial of service condition on Windows-based hosts. The denial of service is limited to a crash of authd. This vulnerability is only present on Windows-based hosts.

    The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2009-3707 to this issue.
  • Potential information leak via hosted networking stack
    A vulnerability in the virtual networking stack of VMware hosted products could allow host information disclosure.

    The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2010-1138 to this issue.
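
For the libpng item above (CVE-2009-2042), the following C code is an added example, not code from VMware or libpng: it shows the masking an application can apply to a packed row so that padding bits past the image width are never displayed or processed. The function names are hypothetical, the sample row is constructed, and handling 2-bit and 4-bit rows goes beyond the 1-bit case the note describes.

```c
#include <stdint.h>
#include <stdio.h>

/* Adam7 column start and step for each of the seven passes (PNG spec). */
static const unsigned adam7_xstart[7] = {0, 4, 0, 2, 0, 1, 0};
static const unsigned adam7_xstep[7]  = {8, 8, 4, 4, 2, 2, 1};

/* Pixels per row in Adam7 pass `pass` (0..6) of an image `width` wide. */
unsigned pass_width(unsigned width, int pass)
{
    if (width <= adam7_xstart[pass])
        return 0;
    return (width - adam7_xstart[pass] + adam7_xstep[pass] - 1) / adam7_xstep[pass];
}

/* Bytes occupied by `pixels` samples packed at `bit_depth` (1, 2 or 4). */
size_t packed_rowbytes(unsigned pixels, unsigned bit_depth)
{
    return ((size_t)pixels * bit_depth + 7) / 8;
}

/* Clear the padding bits in the last byte of a packed row. PNG packs
 * pixels MSB-first, so padding is the low-order bits of the final byte.
 * Returns the number of bits cleared (0 if the row fills its bytes). */
unsigned mask_row_padding(uint8_t *row, unsigned pixels, unsigned bit_depth)
{
    unsigned used = (unsigned)(((size_t)pixels * bit_depth) % 8);
    if (used == 0)
        return 0;
    row[packed_rowbytes(pixels, bit_depth) - 1] &= (uint8_t)(0xFFu << (8 - used));
    return 8 - used;
}

/* Constructed sample: a 13-pixel, 1-bit row with stale bits in the padding. */
uint8_t demo_last_byte(void)
{
    uint8_t row[2] = {0xA5, 0xFF};  /* 13 valid bits, then 3 padding bits */
    mask_row_padding(row, 13, 1);
    return row[1];
}

int main(void)
{
    for (int p = 0; p < 7; p++)     /* which passes of a 13-wide image pad? */
        printf("pass %d: %u px, %u padding bits\n", p + 1, pass_width(13, p),
               (8 - pass_width(13, p) % 8) % 8);
    printf("masked last byte: 0x%02X\n", demo_last_byte());
    return 0;
}
```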

Miscellaneous

  • When the guest issues an invalid request against the LSI emulation code, it causes the virtual machine to fail with an error message NOT_IMPLEMENTED devices/lsilogic/lsilogic_monitor.c:779 bugNr=71018.
  • On Linux hosts that have a faster timer frequency than the guest, powering on a virtual machine fails with the error message "The host high-resolution timer device (/dev/rtc) is not available (Permission denied). Without this device, the guest operating system can fail to keep time correctly. For more information, see http://vmware.com/info?id=34."
  • Easy Install does not work for 32-bit and 64-bit FreeBSD 7.1 guests.

VMware ACE includes the resolved issues listed in the Workstation 6.5.4 Release Notes.