VMware vCenter Server, ESXi, Workstation, Player and Fusion address several security issues.

Apply the missing patch(es).

a. VMware ESXi, Workstation, Player, and Fusion host privilege escalation vulnerability VMware ESXi, Workstation, Player and Fusion contain an arbitrary file write issue. Exploitation this issue may allow for privilege escalation on the host. c. VMware ESXi, Workstation, and Player Denial of Service vulnerability VMware ESXi, Workstation, and Player contain an input validation issue in VMware Authorization process (vmware-authd). This issue may allow for a Denial of Service of the host. On VMware ESXi and on Workstation running on Linux the Denial of Service would be partial. d. Update to VMware vCenter Server and ESXi for OpenSSL 1.0.1 and 0.9.8 package The OpenSSL library is updated to version 1.0.1j or 0.9.8zc to resolve multiple security issues. e. Update to ESXi libxml2 package The libxml2 library is updated to version libxml2-2.7.6-17 to resolve a security issue.

Mware Workstation 10.x prior to version 10.0.5 VMware Player 6.x prior to version 6.0.5 VMware Fusion 7.x prior to version 7.0.1 VMware Fusion 6.x prior to version 6.0.5 vCenter Server 5.5 prior to Update 2d ESXi 5.5 without patch ESXi550-201403102-SG, ESXi550-201501101-SG ESXi 5.1 without patch ESXi510-201404101-SG ESXi 5.0 without patch ESXi500-201405101-SG

Checks for missing patches.

• http://www.vmware.com/security/advisories/VMSA-2015-0001.html

---

Updated on 2015-03-25