VMware patches hypervisor bugs

The virtualisation company has released a new security advisory and patch, and re-released two advisories with new patches, to address security flaws in its software.

A patch is available for a buffer overflow vulnerability in VMware's flagship ESX 3.5 and ESXi 3.5 hypervisors.

The flaw and a patch were announced in VMware Security Advisory VMSA-2008-0015 on Thursday.

The vulnerability lies in the Openwsman system management platform, which implements VMware's web services management protocol. Buffer overflows could occur while Openwsman decodes HTTP basic authentication headers, the company said.
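The bug class described above, decoding a Basic authentication header into a buffer, is avoided by checking the worst-case decoded size before writing anything. The following is an added example, not Openwsman or VMware code; the function names `decode_basic_auth` and `b64val` and the sample header are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Map one base64 character to its 6-bit value, or -1 if it is not in the alphabet. */
static int b64val(unsigned char c) {
    if (c >= 'A' && c <= 'Z') return c - 'A';
    if (c >= 'a' && c <= 'z') return c - 'a' + 26;
    if (c >= '0' && c <= '9') return c - '0' + 52;
    if (c == '+') return 62;
    if (c == '/') return 63;
    return -1;
}

/* Hypothetical helper: decode the value of an "Authorization" header of the
 * form "Basic <base64>" into out (capacity out_cap, NUL-terminated).
 * Returns the decoded length, or -1 on wrong scheme, bad base64 or no room. */
int decode_basic_auth(const char *value, char *out, size_t out_cap) {
    static const char scheme[] = "Basic ";
    size_t in_len, i, o = 0;
    if (!value || !out || out_cap == 0) return -1;
    if (strncmp(value, scheme, sizeof scheme - 1) != 0) return -1;
    value += sizeof scheme - 1;
    in_len = strlen(value);
    if (in_len == 0 || in_len % 4 != 0) return -1;
    /* Worst case is 3 output bytes per 4 input characters, plus the NUL.
     * Reject oversized input up front instead of trusting a fixed buffer. */
    if (in_len / 4 * 3 + 1 > out_cap) return -1;
    for (i = 0; i < in_len; i += 4) {
        int v[4], j, pad = 0;
        for (j = 0; j < 4; j++) {
            unsigned char c = (unsigned char)value[i + j];
            if (c == '=' && i + 4 == in_len && j >= 2) { v[j] = 0; pad++; }
            else if (pad || (v[j] = b64val(c)) < 0) return -1;
        }
        out[o++] = (char)((v[0] << 2) | (v[1] >> 4));
        if (pad < 2) out[o++] = (char)(((v[1] & 0xF) << 4) | (v[2] >> 2));
        if (pad < 1) out[o++] = (char)(((v[2] & 0x3) << 6) | v[3]);
    }
    out[o] = '\0';
    return (int)o;
}

int main(void) {
    char buf[16];  /* constructed sample: base64 of "user:pass" */
    int n = decode_basic_auth("Basic dXNlcjpwYXNz", buf, sizeof buf);
    printf("%d %s\n", n, n < 0 ? "(rejected)" : buf);
    return 0;
}
```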

Patches are linked from security advisory VMSA-2008-0015 on VMware's site.

VMware also re-released two advisories with additional patches. VMSA-2008-0014 has added fixes for libpng and bind for ESX 3.5 servers, while VMSA-2008-0013 has added fixes for net-snmp and perl for ESX 3.5 servers, security training organisation Sans noted on its blog.

Last month, VMware customers had to contend with their virtual machines not turning on after a licensing mistake by VMware.