VMware Workstation 6.0.3 发布

mooiv

此次更新的最大亮点，修复了上个版本的大量安全问题，以下是具体的安全细节。
On Windows hosts, if you have configured and enabled a shared folder, it is possible for an attacker to write arbitrary content from a guest system to arbitrary locations on the host system (CORE-2007-0930). (bug 200360)
An internal security audit determined that a malicious user could attain and exploit LocalSystem privileges by causing the authd process to connect to a named pipe that is opened and controlled by the malicious user. (Foundstone CODE-BUG-H-001) In this situation, the malicious user could successfully impersonate authd and attain privileges under which Authd is executing. (bug 193049)
This release updates the libpng library to version 1.2.22 to remove various security vulnerabilities. (bug 224453)
This release updates the OpenSSL library to address various vulnerabilities to denial-of-service attacks and buffer overflows. The Common Vulnerabilities and Exposures project (cve.mitre.org) assigned the following names to these issues: CVE-2006-2940, CVE-2006-2937, CVE-2006-4343. (bug 216493)
Workstation 6.0.2 allowed anonymous console access to the guest by means of the VIX API. This release, Workstation 6.0.3, disables this feature. This means that the Eclipse Integrated Virtual Debugger and the Visual Studio Integrated Virtual Debugger will now prompt for user account credentials to access a guest. (bug 187785)
增加支持如下操作系统：
支持32、64位Ubuntu Linux 7.10作为宿主机、客户机操作系统
支持32、64位Red Hat Enterprise Linux 4.6作为宿主机、客户机操作系统
支持32、64位Asianux Server 3 作为客户机操作系统
支持32、64位Turbolinux 10 Server 作为客户机操作系统