VMWare Workstation 8.0.4 and Player 4.0.4 Released
VMWare has released an update to their Workstation and Player release. They are now reaching 8.0.4 and 4.0.4 respectively. The Workstation's Release Notes said that this version has two security fixes and 5 bug fixes:
General Issues
- Linux guests running the Linux kernel version 2.6.34 or later could not be pinged from the host via an IPv6 address.
- On rare occasions, Linux guests would suddenly fail to Autofit or enter Unity.
- Unity mode would exit if the title bar of an application contained certain non UTF-8 encoded extended ASCII characters.
- On Windows hosts, the VMware Workstation user interface sometimes became unresponsive when minimized from full-screen mode if the suggestion balloon was being displayed.
- On Windows hosts, the user interface sometimes became unresponsive if the application was rendered on an extended display that was abruptly disconnected.
Security Issues
- VMware host Checkpoint file memory corruption
Input data was not properly validated when loading Checkpoint files. This issue could have allowed an attacker with the ability to load a specially crafted Checkpoint file to execute arbitrary code on the host.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2012-3288 to this issue. - VMware virtual machine remote device denial of service
A device (such as CD-ROM or keyboard) that is available to a virtual machine while physically connected to a system that does not run the virtual machine is referred to as a remote device. Traffic coming from remote virtual devices was incorrectly handled. This issue could have allowed an attacker who was capable of manipulating the traffic from a remote virtual device to crash the virtual machine.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2012-3289 to this issue.