| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 28 Mar 2008 17:32:21 -0700 From: VMware Security team <security@...are.com> To: bugtraq@...urityfocus.com, full-disclosure@...ts.grok.org.uk Subject: VMSA-2008-0006 Updated libxml2 service console package -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 - ------------------------------------------------------------------- ~ VMware Security Advisory Advisory ID: VMSA-2008-0006 Synopsis: Updated libxml2 service console package Issue date: 2008-03-28 Updated on: 2008-03-28 (initial release of advisory) CVE number: CVE-2007-6284 - ------------------------------------------------------------------- 1. Summary: ~ Updated libxml2 package addresses a security issue. 2. Relevant releases: ~ VMware ESX 2.5.5 before Upgrade Patch 6 ~ VMware ESX 2.5.4 before Upgrade Patch 17 NOTE: ESX 2.5.4 is in Extended Support and its end of support (Security and Bug fixes) is 10/08/2008. Users should plan to upgrade to at least 2.5.5 and preferably the newest release available before the end of extended support. ESX Server prior to 2.5.4 are no longer in Extended Support. Users should upgrade to a supported version of the product. The VMware Infrastructure Support Life Cycle Policy can be found here: http://www.vmware.com/support/policies/eos_vi.html 3. Problem description: ~ Updated libxml2 package to address a denial of service flaw. ~ Thanks to the Google security team for identifying and reporting ~ this issue. ~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ has assigned the name CVE-2007-6284 to this issue. 4. Solution: Please review the Patch notes for your product and version and verify the md5sum of your downloaded file. ESX 2.5.5 Upgrade Patch 6 http://download3.vmware.com/software/esx/esx-2.5.5-78667-upgrade.tar.gz md5sum: b4d5e98cc175a507e8f89d9c7b993e2c http://vmware.com/support/esx25/doc/esx-255-200803-patch.html ESX 2.5.4 Upgrade Patch 17 http://download3.vmware.com/software/esx/esx-2.5.4-78717-upgrade.tar.gz md5sum: 827406844dacba92f695980f49119465 http://vmware.com/support/esx25/doc/esx-254-200803-patch.html 5. References: ~ CVE numbers ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6284 - ------------------------------------------------------------------- 6. Contact: E-mail list for product security notifications and announcements: http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce This Security Advisory is posted to the following lists: ~ * security-announce@...ts.vmware.com ~ * bugtraq@...urityfocus.com ~ * full-disclosure@...ts.grok.org.uk E-mail: security@...are.com Security web site http://www.vmware.com/security VMware security response policy http://www.vmware.com/support/policies/security_response.html General support life cycle policy http://www.vmware.com/support/policies/eos.html VMware Infrastructure support life cycle policy http://www.vmware.com/support/policies/eos_vi.html Copyright 2008 VMware Inc. All rights reserved. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFH7Y4TS2KysvBH1xkRCN8OAJ0eVZsU0UdJ3Uxq13lwL8aqHNGQDgCeO6I4 GQohVVhkDGpY15oIWJudPxw= =QvVA -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists