Package: vmware-package
Version: 0.22
Severity: important
Tags: security

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for vmware-package.

CVE-2008-0967[0]:
| Untrusted search path vulnerability in vmware-authd in VMware
| Workstation 5.x before 5.5.7 build 91707 and 6.x before 6.0.4 build
| 93057, VMware Player 1.x before 1.0.7 build 91707 and 2.x before 2.0.4
| build 93057, and VMware Server before 1.0.6 build 91891 on Linux, and
| VMware ESXi 3.5 and VMware ESX 2.5.4 through 3.5, allows local users
| to gain privileges via an unspecified option in a configuration file.

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0967
    http://security-tracker.debian.net/tracker/CVE-2008-0967

As mentioned in bug #484491, I think you just need to update the hashes
for the tarballs to fix this bug :)

Kind regards,
Thomas.

Attachment: signature.asc
Description: Digital signature

Reply via email to