April 30, H Security (International) VMware patches vulnerabilities in ESX 4.1. Virtualization specialist VMware is warning customers about multiple security holes in versions 4.0 and 4.1 of its ESX enterprise-level computer virtualization product. According to the company, the Service Console in ESX 4.1 on unpatched systems can be exploited by a local user in a guest virtual machine to gain escalated privileges, or by a malicious remote user to cause a denial-of-service condition or compromise a victim's system. In its advisory, VMware notes that some of these holes, found in previous versions of the libxml2 XML C parser and toolkit used by the ESX Console Operating System (COS), were closed by updating libxml2 to a newer release. Versions 4.0 and 4.1 of ESX are affected; vCenter, ESXi, and ESX 3.5, as well as hosted products such as VMware Workstation, Player, ACE, and Fusion, are not vulnerable. Patches are available for ESX 4.1 that correct these problems, while patches for version 4.0 are listed as "pending."
Source: http://www.h-online.com/security/news/item/VMware-patches-vulnerabilities-in-ESX-4-1-1564129.html
Written by Ali Loney
Ali Loney is a Senior UX Designer at Walmart Labs. She is based in Canada and was the former Graphic Designer at Sonatype.
Explore All Posts by Ali Loney