| ||||||||||||||||
Gentoo alert 200308-03 (vmware-workstation)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - - - --------------------------------------------------------------------- GENTOO LINUX SECURITY ANNOUNCEMENT 200308-03 - - - --------------------------------------------------------------------- PACKAGE : vmware-workstation SUMMARY : local full host access DATE : 2003-08-25 13:44 UTC EXPLOIT : local VERSIONS AFFECTED : <vmware-workstation-4.0.1-5289 <vmware-workstation-3.2.1-2242 FIXED VERSION : >=vmware-workstation-4.0.1-5289 >=vmware-workstation-3.2.1-2242 CVE : CAN-2003-0480 CAN-2003-0631 - - - --------------------------------------------------------------------- - From advisory: "By manipulating the VMware GSX Server and VMware Workstation environment variables, a program such as a shell session with root privileges could be started when a virtual machine is launched. The user would then have full access to the host." Read the full advisories at: http://www.securityfocus.com/archive/1/330184 SOLUTION It is recommended that all Gentoo Linux users who are running app-emulation/vmware-workstation upgrade to either vmware-workstation-3.2.1-2242 or vmware-workstation-4.0.1-5289 follows: emerge sync emerge vmware-workstation-<VERSION> emerge clean - - - --------------------------------------------------------------------- aliz@gentoo.org - GnuPG key is available at http://dev.gentoo.org/~aliz - - - --------------------------------------------------------------------- -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.2 (GNU/Linux) iD8DBQE/ShLGfT7nyhUpoZMRAuZpAJ9hbaB1L9bpaEZ+dxriK5gkq91WoACfTbak ypAHrWqhBJVhCa7TpYxXsTk= =JHk+ -----END PGP SIGNATURE----- (Log in to post comments)
|
||||||||||||||||