I'm trying to address the vulnerability (see below) given by security team.
Our ESX 3.5 is affected (ESX 2.5 is Ok). I've got the .rpm patch file.
Do I install using
rpm -Uvh patchfile.rpm
rpm -ivh patchfile.rpm
What's the difference between the two? Redhat suggested to me to use
"rpm -ivh" to install the .rpm packages from their site but I've seen some
places using "rpm -U package.rpm"
A vulnerability was reported in VMware. A local user on the guest operating system can obtain elevated privileges on the target host system.
A local user can exploit a flaw in the virtual machine display function to execute arbitrary code on the target host system.
VMware Workstation, Player, ACE, Server, Fusion, ESXi, and ESX are affected.
Workstation 6.5.x any 6.5.2 build 156735 or later
Workstation 6.0.x any upgrade to at least 6.5.2
Player 2.5.x any 2.5.2 build 156735 or later
Player 2.0.x any upgrade to at least 2.5.2
ACE 2.5.x Windows 2.5.2 build 156735 or later
ACE 2.0.x Windows upgrade to at least 2.5.2
Server 2.x any 2.0.1 build 156745 or later
Server 1.x any 1.0.9 build 156507 or later
Fusion 2.x Mac OS/X 2.0.4 build 159196 or later
ESXi 3.5 ESXi ESXe350-200904201-O-SG
ESX 3.5 ESX ESX350-200904201-SG
ESX 3.0.3 ESX ESX303-200904403-SG
ESX 3.0.2 ESX ESX-1008421
A local user on the guest operating system can obtain privileges on the target host system.
The vendor released a fix and an advisory.
Please see the references for more information.