Sun and VMware issue vital updates

The patch from Sun addresses security and stability problems in Java, fixing 18 flaws covering stability, data corruption and security vulnerabilities.

Sun did not provide details on the exact nature of the security flaws, but the US Computer Emergency Response Team has advised users and administrators to install the Java update immediately.

The VMware patch, meanwhile, addresses two security flaws in a number of the company's virtualisation products.

The fix applies to VMWare Workstation versions 5 and 6, VMWare Player versions 1 and 2, and VMWare Server version 1.0.9 and earlier, as well as the company's ESX offering.

The first of the two flaws addresses a problem which could allow an attacker to remotely cause a memory corruption issue. If exploited, the attacker could cause the target system to crash and gain the ability to write code to memory.

The second addresses a previously patched flaw in the bzip2 library on ESX systems. If exploited, the vulnerability could be targeted by an attacker to crash the system while decompressing a specially-crafted archive file.

Copyright ©v3.co.uk

addresses attacker flaws security software sun vmware