May 3rd, 2012VMware floppy device out-of-bounds memory write:
· Due to a flaw in the virtual floppy configuration it was possible to perform an out-of-bounds memory write. This vulnerability allowed a guest user to crash the VMX process or to potentially execute code on the host.
· The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2012-2449 to this issue.
VMware SCSI device unchecked memory write:
· Due to a flaw in the SCSI device registration it was possible to perform an unchecked write into memory. This vulnerability allowed a guest user to crash the VMX process or to potentially execute code on the host.
· The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2012-2450 to this issue.
January 25th, 2012The following issues are resolved in VMware Player 4.0.2:
· The ACLs on the PID files needed improvement. VMware thanks Inode0 for bringing this to our attention.
· Releasing input from the guest to the host, for example, moving the cursor from the virtual machine window to the host screen, failed with an unrecoverable error.
· Copying and pasting from a guest to an Ubuntu 11.10 host failed.
· Shared folders did not work in Fedora 16 and OpenSuse 12.1 guests.
· In Ubuntu 11.10 hosts, key repeat was disabled after ungrabbing or quitting VMware Player.
· On a Windows host, a virtual machine configured to use a physical disk or partition failed to power on if the host had a volume backed by more than one physical disk, for example, a RAID system.
November 18th, 2011· Graphics performance and compatibility enhancements.
· Disk and memory management issues have been addressed.
· Many customer-reported issues have been resolved.
Resolved Issues:
· Windows 7 guest installation failed after powering on the virtual machine with the error A required CD/DVD drive device driver is missing. If you have a driver floppy disk, CD, DVD, or USB flash drive, please insert it now.
· VMware Tools failed with the message VMware Tools unrecoverable error.
· VMware Tools failed to start in Fedora 15 guests.
· On hosts with Nvidia GeForce and Quadro video cards, some of the clouds in the Unigine Heaven Benchmark application were drawn solid black.
· The AltGr key was not working in an Ubuntu guest in Unity mode when the host and guest keyboards were both set to a layout that contained the AltGr key.
October 5th, 2011Installation Changes and Enhanced Keyboards:
· The hardware requirements to install this version of Workstation have changed. Workstation now requires a relatively modern 64-bit CPU.
Virtual Hardware Improvements:
· The display technology has been changed to provide a better experience for Unity users and users who have multiple monitors. These changes also allow you to add a projector to your laptop without restarting your virtual machine.
· Virtual machines can now support up to 64GB of memory. The host system should have more than 64GB of memory to use this feature.
· An HD Audio device is available for Windows Vista, Windows 7, Windows 2008, and Windows 2008 R2 guests. The HD Audio device is compatible with the RealTek ALC888 7.1 Channel High Definition Audio Codec.
· USB 3.0 support is available for Linux guests running kernel version 2.6.35 or later (Ubuntu 10.10) through a new virtual xHCI USB controller. To enable this feature, add the following line to the .vmx file: usb_xhci.present = “true”. Do not enable this feature for Windows guests. Because Windows does not currently have a generic xHCI driver, this feature will not work in Windows.
· Bluetooth devices on the host can now be shared with Windows guests. With the latest hardware version, Bluetooth devices that are paired to the host system radio are available to Windows guests and can be paired from within the guest. You should not pair Bluetooth audio devices, such as headphones, or Bluetooth input devices, such as keyboards and mice, to a guest.
Documentation Changes:
· Getting Started with VMware Player (previously VMware Player Getting Started Guide) - Now contains complete information on installing and using Player.
· Online help - Has been redesigned to provide context-sensitive help and information on performing common tasks. For complete information on using Workstation and Player, see the guides.
· (NEW) Installing and Configuring VMware Tools - Contains comprehensive information on installing, upgrading, and configuring VMware
March 30th, 2011· Adds support for Windows 7 SP1 and Ubuntu 10.10 guest and host operating systems.
The following issues are resolved in VMware Player 3.1.4:
· In Player 3.1, the default main memory VA cache size (mainMem.vaCacheSize) for 32-bit Windows guests was reduced to accommodate 3D emulation memory requirements. However, the reduced value resulted in performance loss. For 3.1.4, the default main memory VA cache size has been be increased to 1000 MB and performance is improved.
· Because Player failed to identify more than 10 USB host controllers in newer Windows guests, some USB devices did not appear in the Removable Devices menu. Now Player shows all USB devices in the Removable Devices menu as long as they are connected to the first identified 16 USB controllers.
· The application vmware-modconfig UI could not start up in a KDE 4 session in a SUSE Linux Enterprise Desktop (SLED) 11 environment.
· VMware Tools upgrade could be started by a non-administrator user from the VMware Tools Control Panel in a Windows guest. In this release, only administrator users can start VMware Tools upgrade from the VMware Tools Control Panel. To prevent non-administrator users from starting VMware Tools upgrade from a guest by using other applications, set isolation.tools.autoinstall.disable to TRUE in the virtual machine configuration (.vmx) file.
· When a virtual machine running on a Windows host was used to access an Omron Industrial CP1L Programmable Logic Controller, Player generated an unrecoverable error.
· When using NAT virtual networking on Windows hosts, the traceroute command did not work when used within virtual machines.
· The Easy Install feature did not work for Fedora 14 guest operating systems.
· During VMware Tools installation on a Fedora 14 64-bit guest operating system, the following warning message was generated while building the vsock module: case value '255' not in enumerated type 'socket_state'.
· The Easy Install feature did not work for Red Hat Linux 6 guest operating systems.
· The VMware Tools HGFS provider DLL caused a deadlock when making calls to the WNetAddConnection2 function from an application such as eEye Rentina in a Windows guest operating system.
· There was no option to disable guest time sync when a host resumes. Now you can set time.synchronize.resume.host to FALSE in the virtual machine configuration (.vmx) file to disable guest time sync when a host resumes. See VMware Knowledge Base Article 1189 for other time sync options.
· Setting a hidden attribute on a file in a shared folder from a Windows guest on a Linux host failed with an error. This problem caused applications such as SVN checkout to fail when checking out to shared folders on Linux hosts from Windows guests.
November 20th, 2010The following issues are resolved:
· When you install VMware Player on an operating system that uses a post-2.6.34 Linux kernel, the vmmon module fails to compile.
· The vmxnet and vsock guest modules fail to compile on operating systems that use post-2.6.32 Linux kernels.
· When you install VMware Tools on an operating system that uses a post-2.6.34 Linux kernel, the vsock.ko module fails to build.
· Unity mode does not work with an Ubuntu 10.10 64-bit guest operating system.
· An unrecoverable error occurs when you select the Novell NetWare, Sun Solaris, or Other guest operating system type in the New Virtual Machine wizard.
November 20th, 2010Security Fixes:
·
VMware Player 3.x addresses an installer security issue
· The VMware Player 3.x installer loads an index.htm file located in the current working directory on which VMware Player 3.x is being installed. This might enable attackers to display a malicious file if they manage to get their file onto the system prior to installation.
· The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2010-3277 to this issue.
·
Third party libpng updated to version 1.2.44
· A buffer overflow condition in libpng is addressed that could potentially lead to code execution with the privileges of the application using libpng. Two potential denial of service issues are also addressed in the update.
· The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2010-1205, CVE-2010-0205, and CVE-2010-2249 to these issues.
Installation, Upgrade, and Compatibility:
· In some cases copying an index.html file into the same directory as the VMware Player 3.1.1 installer executable on Windows hosts might cause the VMware Player installer user interface to fail.
· When downloading software updates via a slow Internet connection, you might receive a timeout error resulting in an unsuccessful download.
· Currently available pre-release versions of OpenSUSE 11.3 might not work properly with Easy Install.
Display:
· To improve user experience when using Unity mode on Windows Vista and Windows 7 virtual machines, VMware Player disables Aero when entering Unity mode and re-enables it when you exit Unity mode. To override the disabling of Aero, open the vmx configuration file and add unity.allowCompositingInGuest="TRUE".
· Attempting to power on a Windows 7 virtual machine named using non-ASCII characters on Ubuntu 10.04 hosts might cause display issues in the Unity mode Start menu.
· Enabling Aero on hosts with Intel Integrated Graphics processing unit might cause display issues in a virtual machine.
· On Windows hosts, you might experience some usability issues while attempting to interact with Fedora 13 virtual machine applications in Unity mode.
· On Japanese version of Windows, using non-ASCII characters to name the host might cause the Start menu to not show in Unity mode.
Miscellaneous:
· The DNS server information might not refresh when the virtual machine switches between multiple NICs, such as wired and wireless. Thus, leading to a failure in looking up hosts with their DNS names when the guest is using NAT.
· If your host system has three parallel ports you might not be able map them non-sequentially.
· USB devices with vendor ID 0x1366 might be identified as being manufactured by Asahi KASEI instead of SEGGER.
· Dragon Medical 10.1 from Nuance might not run with more than one core on Windows 7 Ultimate 64-bit guests.
· On Windows 7 guests, you must run a New Hardware scan from the Device Manager menu for Logitech USB audio devices to be recognized. USB devices disconnected from the guest might still appear to be connected in the guest, and the guest might not allow you to reconnect them.
· On some Windows guests, the volume control keys and a few other multimedia keys might not work in a virtual machine.
· Error that occurs in NetBIOS forwarding in NAT leads to an incorrect resolution of the virtual machine WINS name.
November 20th, 2010Resolves the following issues:
· In some cases upon starting a virtual machine, the USB arbitration service might fail to start on systems that do not have a device identified as USBFDO-0 and prevent the use of USB devices in the virtual machine. The following error message appears, "Host USB device connections disabled". For this release, the USB arbitration service is updated to start whenever a USB device exists even if no devices meet this criteria.
· When a host system failure occurs during a virtual machine disk operation, attempting to power on the virtual machine or mount the virtual disk using the VMware Disk Mount utility causes the following error messages to appear, " Cannot open the disk... The specified virtual disk needs repair" and "Error reading volume information. Please select another disk file". There is no data lost during this process. VMware Player 3.1.1 fixes this issue and enables virtual machine operations to resume.
· Mapping a virtual disk with multiple partitions to a drive on the host machine and enabling write access only succeeds if you are mounting the first partition. This update enables other partitions to be successfully mounted and accessible to the host operating system.
May 26th, 2010· OpenGL 2.1 support for Windows 7 and Windows Vista guests — Improves the ability to run graphics-based applications in virtual machines.
· Improved Graphics Performance — Enhanced performance with better benchmarks, frame rates, and improved rendering on Windows 7 and Windows Vista guests allows you to run various graphics-based applications. In addition, major improvements in video playback enable you to play high-resolution videos in virtual machines.
· Automatic Software Updates — Download and install VMware Tools and receive maintenance updates when available.
· Direct Launch — Drag guest applications from the Unity start menu directly onto the host desktop. Double-click the shortcut to open the guest application. The shortcut remains on the desktop after you exit Unity and close VMware Player.
· Autologon — Save your login credentials and bypass the login dialog box when you power on a Windows guest. Use this feature if you restart the guest frequently and want to avoid entering your login credentials. You can enable Autologon and use direct launch to open guest applications from the host.
· OVF 1.1 Support — Import or export virtual machines and vApps to upload them to VMware vSphere or VMware vCloud. The VMware OVF Tool is a command-line utility bundled in the VMware Player installer. Use this tool along with VMware Player to convert VMware .vmx files to .ovf format or vice versa. VMware recommends that you use the OVF command-line utility.
· Eight-Way SMP Support — Create and run virtual machines with a total of up to eight-processor cores.
· 2TB Virtual Disk Support — Maximum virtual disks and raw disks size increased from 950GB to 2TB.
· Encryption Enhancements — VMware Player includes support for Intel's Advanced Encryption Standard instruction set (AES-NI) to improve performance while encrypting and decrypting virtual machines and faster run-time access to encrypted virtual machines on new processors.
· Memory Management — User interface enhancements have simplified the handling of increased virtual memory capacity.
· User Experience Improvement Program — Help VMware improve future versions of the product by participating in the User Experience Improvement Program. Participation in the program is voluntary and you can opt out at any time. When you participate in the User Experience Improvement Program, your computer sends anonymous information to VMware, which may include product configuration; usage and performance data, virtual machine configuration; usage and performance data, and information about your host system specifications and configuration.
· The User Experience Improvement Program does not collect any personal data, such as your name, address, telephone number, or email address that can be used to identify or contact you. No user identifiable data such as the product license key or MAC address are sent to VMware. VMware does not store your IP address with the data that is collected.
August 29th, 2008· Starting from this release, VMware has set the killbit on its ActiveX controls. Setting the killbit ensures that ActiveX controls cannot run in Internet Explorer (IE), and avoids security issues involving ActiveX controls in IE. See the KB article 240797 available from Microsoft and the related references on this topic.
· Security vulnerabilities have been reported for ActiveX controls provided by VMware when run in IE. Under specific circumstances, exploitation of these ActiveX controls might result in denial-of-service or allow running of arbitrary code when the user browses a malicious Web site or opens a malicious file in IE browser. An attempt to run unsafe ActiveX controls in Internet Explorer might result in pop-up windows warning the user.
· Note: IE can be configured to run unsafe ActiveX controls without prompting. VMware recommends that you retain the default settings in IE, which prompts when unsafe actions are requested.
· Earlier, VMware had issued knowledge base articles, KB 5965318 and KB 9078920 on security issues with ActiveX controls.
· To avoid malicious scripts that exploit ActiveX controls, do not enable unsafe ActiveX objects in your browser settings. As a best practice, do not browse untrusted Web sites as an administrator and do not click OK or Yes if prompted by IE to allow certain actions.
· The Common Vulnerabilities and Exposures has assigned the names CVE-2008-3691, CVE-2008-3692, CVE-2008-3693, CVE-2008-3694, CVE-2008-3695, CVE-2007-5438, and CVE-2008-3696 to the security issues with VMware ActiveX controls.
· Update to FreeType: FreeType 2.3.6 resolves an integer overflow vulnerability and other vulnerabilities that can allow malicious users to run arbitrary code or might cause a denial-of-service after reading a maliciously crafted file. This release updates FreeType to its latest version 2.3.7.
· The Common Vulnerabilities and Exposures has assigned the names CVE-2008-1806, CVE-2008-1807, and CVE-2008-1808 to the issues resolved in FreeType 2.3.6.
· Update to Cairo: Cairo 1.4.12 resolves an integer overflow vulnerability that can allow malicious users to run arbitrary code or might cause a denial-of-service after reading a maliciously crafted PNG file. This release updates Cairo to its latest version 1.4.14. The Common Vulnerabilities and Exposures has assigned the name CVE-2007-5503 to the issue resolved in Cairo 1.4.12.
March 20th, 2008· On Windows hosts, if you have configured and enabled a shared folder, it is possible for an attacker to write arbitrary content from a guest system to arbitrary locations on the host system (CORE-2007-0930). (bug 200360)
· This release updates the libpng library to version 1.2.22 to remove various security vulnerabilities. (bug 224453) On openSUSE Linux 10.3 hosts, USB devices cannot be used in a virtual machine unless you plug the USB device in to the host before powering on the virtual machine. (bug 177615)
· On Windows hosts, after disabling shared folders the Properties button remains enabled. (bug 194070)
Find us on Google+
