Package: vmware-package Version: 0.22 Severity: important Tags: security Hi, the following CVE (Common Vulnerabilities & Exposures) id was published for vmware-package.
CVE-2008-0967[0]: | Untrusted search path vulnerability in vmware-authd in VMware | Workstation 5.x before 5.5.7 build 91707 and 6.x before 6.0.4 build | 93057, VMware Player 1.x before 1.0.7 build 91707 and 2.x before 2.0.4 | build 93057, and VMware Server before 1.0.6 build 91891 on Linux, and | VMware ESXi 3.5 and VMware ESX 2.5.4 through 3.5, allows local users | to gain privileges via an unspecified option in a configuration file. If you fix the vulnerability please also make sure to include the CVE id in your changelog entry. For further information see: [0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0967 http://security-tracker.debian.net/tracker/CVE-2008-0967 As mentioned in bug #484491, I think you just need to update the hashes for the tarballs to fix this bug :) Kind regards, Thomas.
signature.asc
Description: Digital signature

