lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <47CC7772.8030509@vmware.com>
Date: Mon, 03 Mar 2008 14:10:58 -0800
From: VMware Security team <security@...are.com>
To: security-announce@...ts.vmware.com, bugtraq@...urityfocus.com,
	full-disclosure@...ts.grok.org.uk
Subject: VMSA-2008-0004 Low: Updated e2fsprogs service console package

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------
~                   VMware Security Advisory

Advisory ID:       VMSA-2008-0004
Synopsis:          Low: Updated e2fsprogs service console package
Issue date:        2008-03-03
Updated on:        2008-03-03 (initial release of advisory)
CVE numbers:       CVE-2007-5497
- -------------------------------------------------------------------

1. Summary:

Updated service console package e2fsprogs.

2. Relevant releases:

ESX Server 2.5.5 Upgrade Patch 5
ESX Server 2.5.4 Upgrade Patch 16

NOTE: ESX 2.5.4 is in Extended Support and its end of support (Security
~      and Bug fixes) is 10/08/2008.  Users should plan to upgrade to at
~      least 2.5.5 and preferably the newest release available before
~      the end of extended support.

~      ESX Server prior to 2.5.4 are no longer in Extended Support.
~      Users should upgrade to a supported version of the product.

~      The VMware Infrastructure Support Life Cycle Policy can be found
~      here: http://www.vmware.com/support/policies/eos_vi.html

3. Problem description:

Updated e2fsprogs package address multiple integer overflow flaws

Thanks to Rafal Wojtczuk of McAfee Avert Research for identifying
and reporting this issue.

The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2007-5497 to this issue.

4. Solution:

Please review the Patch notes for your product and version and verify
the md5sum of your downloaded file.

ESX Server 2.x Patches:
http://www.vmware.com/download/esx/esx2_patches.html

ESX Server 2.5.5 Upgrade Patch 5
http://download3.vmware.com/software/esx/esx-2.5.5-73417-upgrade.tar.gz
md5sum: cf0addac42cb2057c47065971f56bee6
http://www.vmware.com/support/esx25/doc/esx-255-200802-patch.html

ESX Server 2.5.4 Upgrade Patch 16
http://download3.vmware.com/software/esx/esx-2.5.4-73416-upgrade.tar.gz
md5sum: b7b2cbfd45380124c128831dca8bc2b0
http://www.vmware.com/support/esx25/doc/esx-254-200802-patch.html

5. References:

~   CVE numbers
~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5497

- -------------------------------------------------------------------
6. Contact:

E-mail list for product security notifications and announcements:
http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce

This Security Advisory is posted to the following lists:

~  * security-announce@...ts.vmware.com
~  * bugtraq@...urityfocus.com
~  * full-disclosure@...ts.grok.org.uk

E-mail:  security@...are.com

Security web site
http://www.vmware.com/security

VMware security response policy
http://www.vmware.com/support/policies/security_response.html

General support life cycle policy
http://www.vmware.com/support/policies/eos.html

VMware Infrastructure support life cycle policy
http://www.vmware.com/support/policies/eos_vi.html

Copyright 2008 VMware Inc.  All rights reserved.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFHzHdoS2KysvBH1xkRCCxrAJsHDTczV7agRyav5nMXgVmvMKTsSACfTmLl
Rv1wQy510KaPTQy9LiNMTNo=
=yM44
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ