VMware Player 2.5.5 Release Notes
These release notes cover the following topics:
VMware Player 2.5.5 | 2010/12/02 | Build 328052
Document last updated: 2010/12/01
VMware Player 2.5.5 is a maintenance release that resolves security as well as some known issues.
Prior Releases of VMware Player
Features from the prior releases of VMware Player are described in the following Release Notes:
Following are the known issues for VMware Player 2.5.5:
- In the Windows 7 Printers control panel, you might see only the default printer, even though other printers are available.
Workaround: To view other printers, right-click the default printer and point to printer Properties option.
On Windows 64-bit hosts, when installing VMware Workstation in a directory path that contains non-ASCII characters, a warning message appears and the installation continues.
Workaround: Install VMware Workstation in a directory path containing only ASCII characters to avoid the warning message.
Attempting to drag and drop a file in Unity mode on Windows 7 Ultimate hosts with Ubuntu 9.0.4 guests might cause the operation to fail.
Drag and drop or copy and paste operations from a Windows XP guest to a 64-bit Ubuntu 9.04 host might produce the following error message: Error while copying.
When performing a drag and drop operation from the latest version of a Windows guest to a Ubuntu 9.0.4 host in Unity mode, an error message appears: The source and destination file names are the same. After cancelling the error message, you can drop the file successfully.
You will receive an error message after cancelling a drag and drop operation from the latest Windows guest to an Ubuntu 9.04 Desktop host.
If a guest is powered off while a drag and drop operation from a guest to a Linux host is in progress, drag and drop fails after the guest is restarted.
Workaround: Restart the host.
Enabling Assistive Technology on a 64-bit SUSE Linux Enterprise Server 10.1 host prevents the Player from starting.
VMX hangs in an ATI fglrx driver on an Ubuntu 9.04 host.
When you create a Red Hat Enterprise Linux 4.x virtual machine without using easy install, networking stops functioning after you install VMware Tools.
Workaround: Create a script to restart the networking service and add the script to the startup services.
Top of Page
The following issues are resolved in VMware Player 2.5.5.
A buffer overflow condition in libpng is addressed that could
potentially lead to code execution with the privileges of the
application using libpng. Two potential denial of service issues
are also addressed in the update.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the names CVE-2010-1205, CVE-2010-0205, and CVE-2010-2249 to these issues.
The VMware movie decoder contains the VMnc media codec that is required to play back movies recorded with VMware Workstation, VMware Player and VMware ACE, in any compatible media player on Windows hosts. The movie decoder is installed as part of VMware Workstation, VMware Player and VMware ACE, or can be downloaded as a stand alone package.
A function in the decoder frame decompression routine implicitly trusts a size value. An attacker can utilize this to miscalculate a destination pointer, leading to the corruption of a heap buffer, and could allow for execution of arbitrary code with the privileges of the user running an application utilizing the vulnerable codec. For an attack to be successful the user must be tricked into visiting a malicious web page or opening a malicious video file on a system that has the vulnerable version of the VMnc codec installed.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2010-4294 to this issue.
A vulnerability in the input validation of VMware Tools update allows for injection of commands. The issue could allow a user on the host to execute commands on the guest operating system with root privileges The issue can only be exploited if VMware Tools is not fully up-to-date. Windows-based virtual machines are not affected.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2010-4297 to this issue.
Other Fixed Issues
The VMware Authorization Service service (Authd) consumes up to 100 percent of the CPU for several seconds at a time on some machines. Authd regularly checks performance counters to determine how much physical memory is in use. The implementation of this check has been changed in this release to make the processor impact negligible.
A virtual machine cannot open a virtual parallel (LPT) port that is connected to a physical port if the physical port's number exceeds the actual number of ports. For example, if the host has two parallel ports named LPT1 and LPT3, the virtual machine cannot open port LPT3. The following message appears in the log file when the virtual machine is powered on: [msg.parallel.badDriver] Cannot open VMparport driver for LPT<n>.
Top of Page