VMware Workstation 8.0.4 and VMware Fusion 4.1.3 released

Today VMware released minor updates for VMware Workstation (bringing the version to 8.0.4) and VMware Fusion (bringing the version to 4.1.3). These contains a few bug and security fixes. They are available now and are free as usual.

VMware Workstation

General Issues

  • Linux guests running the Linux kernel version 2.6.34 or later could not be pinged from the host via an IPv6 address.
  • On rare occasions, Linux guests would suddenly fail to Autofit or enter Unity.
  • Unity mode would exit if the title bar of an application contained certain non UTF-8 encoded extended ASCII characters.
  • On Windows hosts, the VMware Workstation user interface sometimes became unresponsive when minimized from full-screen mode if the suggestion balloon was being displayed.
  • On Windows hosts, the user interface sometimes became unresponsive if the application was rendered on an extended display that was abruptly disconnected.

Security Issues

  • VMware host Checkpoint file memory corruption
    Input data was not properly validated when loading Checkpoint files. This issue could have allowed an attacker with the ability to load a specially crafted Checkpoint file to execute arbitrary code on the host.
    The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2012-3288 to this issue.
  • VMware virtual machine remote device denial of service
    A device (such as CD-ROM or keyboard) that is available to a virtual machine while physically connected to a system that does not run the virtual machine is referred to as a remote device. Traffic coming from remote virtual devices was incorrectly handled. This issue could have allowed an attacker who was capable of manipulating the traffic from a remote virtual device to crash the virtual machine.
    The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2012-3289 to this issue.

More information can be found in the release notes.

VMware Fusion

General Issues

  • Resolved an intermittent issue with an unreleased version of Mac OS X.
  • Fixed a race-condition when starting VMware Tools in some OpenSUSE virtual machines.

Security Issues

  • VMware host Checkpoint file memory corruption
    Input data was not properly validated when loading Checkpoint files. This issue could have allowed an attacker with the ability to load a specially crafted Checkpoint file to execute arbitrary code on the host.
    The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2012-3288 to this issue.
  • VMware floppy device out-of-bounds memory write.
    Due to a flaw in the virtual floppy configuration, it was possible to perform an out-of-bounds memory write. This vulnerability could have allowed a guest user to crash the VMX process or to potentially execute code on the host.
    The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2012-2449 to this issue.

More information can be found in the release notes.

Niels Engelen
Working as a pre-sales with an interest for anything virtual and cloud. Certified as a VMware Certified Professional 4, 5 & 6. Niels also gained the VMware vExpert award (2012-2017) and is an ex-PernixPro.