VMware Hosted products and patches for ESX and ESXi resolve two security issues. The first is a critical memory corruption vulnerability in virtual device hardware. The second is an updated bzip2 package for the Service Console. (via VMblog) a. A memory corruption condition may occur in the virtual machine hardware. A malicious request sent from the guest operating system to the virtual hardware may cause the virtual hardware to write to uncontrolled physical memory. VMware would like to thank Andrew Honig of the Department of Defense for reporting this issue. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2008-4917 to this issue. The following lists what action remediates the vulnerability if a solution is available. Workstation 6.0.x  replace with 6.5.0 build 118166 or later Workstation 5.x replace with 5.5.9 build 126128 or later Player 2.0.x replace with 2.5.0 build 118166 or later Player 1.x replace with 1.0.9 build 126128 or later ACE 2.0.x on Windows replace with 2.5.0 build 118166 or later ACE 1.x on Windows replace with 1.0.8 build 125922 or later Server 1.x replace with 1.0.8 build 126538 or later Fusion 1.x on Mac OS/X upgrade to Fusion 2.0 or later ESXi 3.5 update with ESXe350-200811401-O-SG ESX 3.5 update with ESX350-200811401-SG ESX 3.0.3 update with ESX303-200811401-BG ESX 3.0.2 update with ESX-1006980 b. Updated Service Console package bzip2