VMSA-2010-0018: VMware hosted products and ESX patches resolve multiple security issues

http://www.vmware.com/security/advisories/VMSA-2010-0018.html

"1. Summary

VMware hosted products and ESX patches resolve multiple security
issues.

2. Relevant releases

VMware Workstation 7.1.1 and earlier,
VMware Workstation 6.5.4 and earlier,
VMware Player 3.1.1 and earlier,
VMware Player 2.5.4 and earlier,

VMware Fusion 3.1.1 and earlier,

ESXi 4.1 without patch ESXi410-201010402-BG or later
ESXi 4.0 without patch ESXi400-201009402-BG or later
ESXi 3.5 without patch ESXe350-201008402-T-BG or later

ESX 4.1 without patch ESX410-201010405-BG
ESX 4.0 without patch ESX400-201009401-SG
ESX 3.5 without patch ESX350-201008409-BG

Note: VMware Server was declared End Of Availability on January 2010,
support will be limited to Technical Guidance for the duration
of the support term."

The major vulnerability in regard to ESXi is "OS Command Injection in
VMware Tools update". This vulnerability could allow a user on the VM
Host to inject a command into a Guest through the VMWare Tools.

Users of the VMware software should update to the latest patch revision.

Thanks,
Brian