Question about VMSA-2009-0006
Hello
-What someone would be able to confirm if the Security Council issued on 10 April (http://www.vmware.com/security/advisories/VMSA-2009-0006.html) applies to older versions of workstation, such as Workstation 5.x?
At the entry to the AEC http://Web.NVD.nist.gov/view/vuln/detail?vulnId=CVE-2009-1244 list all versions of Workstation 6.5.1 and earlier as being vulnerable. However, the official view of VMWare specifies only Workstation 6.0.x and 6.5.x in the description of the problem.
I realize 5.x is now out-of-support, but in the VMWare security bulletins have always made reference to versions of out-of-support in the Description of the problem when applied to the vulnerability to these versions.
Really appreciate it if someone could give me a definitive answer.
Thank you
Jean
Review of the Workstation 5.5 code base, it contains the vulnerable code. (As a rough proxy, WS5.5 == Server1.0, so anything that would affect one would affect the other, and Server1.0 received a fix).
If you feel strongly should be updating the CVE, please discuss with security ([email protected]) people.
I do not know the WS5.5 support policies; I suspect that the reason WS5.5 did not appear is that there may be no hope of release the other updates in the WS5.5 line, and there was no interest to declare a vulnerable old version if it does not intend to update. We are more than three years spent release WS5.5, which I think is the usual length of the product of the workstation.
Edit: I found a statement of support at this link:
http://www.VMware.com/security/advisories/VMSA-2009-0005.html
NOTE: General Workstation version 5.x support ended the
2009-03-19 users should plan to upgrade to the latest
Release of Workstation version 6.x.
Tags: VMware
Similar Questions
-
VMSA-2009-0006 - security breach
Hi all
I have Vmware server 1.0.4 version for Linux.
For as far as I understand the following: http://lists.vmware.com/pipermail/security-announce/2009/000055.html I need to upgrade to the version 1.0.9 or later.
When I search on the VMware downloads server the ability to download only version 2
Two questions:
1. where can I download the version 1.0.9?
2 what posibale to upgrade directly from version 1.0.4 to version 2?
Thank you very much
NIR
You are welcome!
If you found my answer helpful or it solve your problem, please consider awarding points.
-
Hi there, I have a question about storage, even if I have 2, 53GB, storage watch 21, 99GB usage, why this difference? I use an iMac 2009, thank you!
Spotlight re-indexing.
-
This is a question about ATI (whatever it is?) that is installed on my computer. I constantly get a message indicating that VPU RECOVER has reset the accelerator graphics etc, etc and I have to click on send, but the message comes back as undeliverable. What now?
ATI is the brand of your video card. The brand is now manufactured by AMD. http://support.AMD.com/us/pages/AMDSupportHub.aspx
The message indicates an automatic recovery of an error condition. From the little I saw in a quick Google search, it can be difficult to find the precise cause of the problem.
This page gives a few suggestions, but if they seem to be beyond your level of technical expertise, you might be better the computer in a local independent repair shop renamed (not a type BigBoxStoreUSA or rather GeekSquad)--> http://www.radiognome.com/2009/02/28/vpu-recover-issue-and-ways-to-fix-it/
-
A question about external authentication with PHP OCI8 using a portfolio store
Hello
SQL> SELECT * FROM v$version; BANNER -------------------------------------------------------------------------------- Oracle Database 11g Enterprise Edition Release 11.2.0.1.0 - 64bit Production PL/SQL Release 11.2.0.1.0 - Production CORE 11.2.0.1.0 Production TNS for Linux: Version 11.2.0.1.0 - Production NLSRTL Version 11.2.0.1.0 - Production SQL>
I have a question about OCI8 connection to the Oracle server via portfolio, which I understand is a good practice because we do not have to hard code the users password. I'm trying to read pages 117 and 118 of the book The Underground PHP and Oracle manual online to learn how to set up a portfolio. I proceeded by steps as explained in these two pages (except that at the end I connect, as a normal user, not a privileged user) yet, apparently PHP does not detect the user.OS: Linux Fedora Core 17 (x86_64) PHP Version: 5.4.14 Apache version (httpd): Apache/2.2.23 (Fedora)
Here's what I write in my script
the training is the name of the user that I use in my PHP scripts to connect to the oracle database and the password is mypassword (is not true, just for the purpose of this thread :)) the code above gives me the following error:)$connection = oci_connect ( "training", "", "php_ora_usr", "AL32UTF8" );
But if I also provide the password which is,Warning: oci_connect(): ORA-01005: null password given; logon denied in /var/www/html/myscript.php on line 91 Fatal error: Connection step: ORA-01005: null password given; logon denied in /var/www/html/myscript.php on line 13
Obviously it works, but at the same time, this means that my wallet is not operational.$connection = oci_connect ( "training", "mypassword", "php_ora_usr", "AL32UTF8" );
So I'll write here, step by step, how I did according to the instructions contained in the pages 117 and 118 of the above mentioned book and I would be grateful if you could kindly tell where I made the mistake (s)
The following text was performed under my oracle linux (so the dbagroup)
Step 01:_
I created and provided the password for the directory of portfolio
Step 02:_mkstore -wrl /home/oracle/wallet_dir -create
I created an entry for my oracle user that will be used in my PHP scripts to connect to oracle
user: training
password: mypassword
I also checked that the entry was actually created for my user in the portfoliomkstore -wrl "/home/oracle/wallet_dir" -createCredential php_ora_usr training mypassword
Step 03:_$ mkstore -wrl "/home/oracle/wallet_dir" -listCredential Oracle Secret Store Tool : Version 11.2.0.1.0 - Production Copyright (c) 2004, 2009, Oracle and/or its affiliates. All rights reserved. Enter wallet password: List credential (index: connect_string username) 1: php_ora_usr training $
I added the following to my $TNS_ADMIN/tnsnames.ora
Step 04_. . . php_ora_usr = (DESCRIPTION = (ADDRESS = (PROTOCOL = TCP)(HOST = localhost)(PORT = 1521)) (CONNECT_DATA = (SERVER = DEDICATED) (SERVICE_NAME = db02) ) ) . . .
I added the following to my $TNS_ADMIN/sqlnet.ora
_ Step 05# sqlnet.ora Network Configuration File: /u01/app/oracle/product/11.2.0/db_1/network/admin/sqlnet.ora # Generated by Oracle configuration tools. NAMES.DIRECTORY_PATH= (TNSNAMES, EZCONNECT) ADR_BASE = /u01/app/oracle WALLET_LOCATION = (SOURCE = (METHOD = FILE) (METHOD_DATA = (DIRECTORY = /home/oracle/wallet_dir) ) ) SQLNET.WALLET_OVERRIDE = TRUE SSL_CLIENT_AUTHENTICATION = FALSE SSL_VERSION = 0
The TNS_ADMIN environment variable is already set correctly in * / etc/sysconfig/httpd * so I didn't need to do something for this step
Step 06_
I gave to access Apache (as root) in the directory of portfolio (in fact, it seems that the user oracle (dba) of linux also has the required privileges to grant this access to the apache)
Step 07_# setfacl -m u:apache:rx /home/oracle/wallet_dir # setfacl -m u:apache:r /home/oracle/wallet_dir/{cwallet.sso,ewallet.p12}
Restart Apache
Step 08_# service httpd restart
Finally make a test connection using the connection string php_ora_usr which the entry was created earlier. And the test was not successful, as indicated above
The error message:$connection = oci_connect ( "training", "", "php_ora_usr", "AL32UTF8" );
I would appreciate it if you could kindly shed some light.Warning: oci_connect(): ORA-01005: null password given; logon denied in /var/www/html/myscript.php on line 91 Fatal error: Connection step: ORA-01005: null password given; logon denied in /var/www/html/myscript.php on line 13
Thanks in advance,
DariyooshThat gives a good clue to begin with. With your platform/Apache/DB, you might need different ACLs. Test directory and permissions. Check what euid your Apache runs as. Good luck.
-
Questions about Failver customer and rapid failover
have some questions about customer and quick Faiolver of Oracle Database HA failover. Before asking these questions, I want to explain my environment. Here are the details.
-We have two physical locations called "ABC" and "PQR".
-ABC is the main site.
-PQR is the backup site.
-In ABC, we have the database to Oracle RAC (11.2.0.2) with two nodes.
-In the PQR, we have only one stand-alone server (11.2.0.2) database with ASM. This isn't a RAC.
-Data Guard has been configured between ABC and PQR and it works as expected.
-Please note that we have a license for Active Data Guard.
-We have products of Oracle Identity Management to ABC and PQR and they will use the RAC database as a primary database that is in the CBA.
-We have not yet set up a Data Guard Broker.
We want to achieve under objectives:
Objective 1:
-------
Whenever primary CARS down completely, standby database becomes a primary database AUTOMATICALLY and it should allow the read/write operation.
I guess it's called 'Fast Failover'. Please let me know if I'm wrong.
Issues related to the:
-To do this, I need to set up Data Guard Broker so that this standy database becomes primary when CARS go down completely with a power outage, planned or not.
-Let's say that CARS falls does completely, how long take Data Guard Broker do standby db as primary.
-What the client application / which is already connected to the CARS.
-Let's DB standby became as primary and after some time if RAC comes back, keep data automatically becomes the primary role of RAC?
Objective 2:
--------
As I explained above, all products Oracle IDM and applications to speak to the RAC database, what do know only on the RAC database, which is the main. They are not aware of the pending database.
-Whenever a client session is underway with the primary database of CARS if CARS completely falls down, we would like to wait until the client session should get transferred datbase standby without losing session information. However before that happens, standby database should become primary because the client session can perform write operations.
-Whenever a client attempts to connect to the primary CARS and assumes that the cab is completely down, we would like to expect from any client connections should are transferred pending database.
However before that happens, standby database should become primary because the client session can perform write operations.
According to my knowledge, above scenarios are called "client failver." Please let me know if I'm wrong.
Issues related to the:
----------
1. Please throw some light to reach above features.
2. According to my understanding, before customer failover happens, fast failover expected has already occurred and ensure should get the switch for the main role. I guess that all this happens thanks to timeout settings. What are those.
Could you please help?
Thank youI didn't say that clients cannot reconnect automatically when primary fails: I meant that client sessions can generally reconnect and also keep any session state.
Yes, they can reconnect but only to keep the session state for a SELECT statement. It is also possible with Data Guard, not only in the CARS I wrote: here's a demo with 10 g
http://uhesse.WordPress.com/2009/08/19/connect-time-failover-transparent-application-failover-for-Data-Guard/.
What is not possible is to maintain a session state: (INSERT/UPDATE/DELETE) pending transactions must be cancelled.Edited by: P. Forstmann on Dec 8. 2011 20:30
-
Hello
I have a few question about AWR:
(1) which means the metric % CPU Non-Parse?
(2) the wait time event CPU means: the total amount of time CPU used during snapshot, is that correct?
(3) indicating the Parse CPU to analyze Elapsd % ratio of 200.00?
Will be grateful for the help.
Thank you
Orausern
Published by: orausern on May 18, 2009 06:16orausern wrote:
Can you suggest what the argument of the UC Parse to parse Elapsd % ratio of 200,00 specifies? In one of my AWR report, I get this value of 200%. -Given that the target is 100%, is 200% of the abnormal value, I have to do something?If you can not make sense a report, check the underlying data. In this case, the Instance activity statistics: "parse time cpu ' and 'analysis elapsed time '. I think you'll find that time cpu is greater than the time - suggesting that the see you a measurement error, especially if times are both very small anyway. Having done this, you can compare the "analysis time cpu" with time CPU anyway to see if there is any point in worrying about the time cpu spent in analysis.
Concerning
Jonathan Lewis
http://jonathanlewis.WordPress.com
http://www.jlcomp.demon.co.UK"Science is more than a body of knowledge; It's a way of thinking. "
Carl Sagan -
Question about mismanagement of the effects in the construction of sequence
Hi all
I read the BPEL 2.0 document and met a question about management failures and the normal flow of control in the < sequence > construction.
For example, in the following code fragment:
<>sequence
< call...
< catch faultName = gt; a.
< / call >
< receive... >
< / sequence >
If fault one is taken and processed by error handler, when the fault handling ends at will are receive > activity start or jumped?
According to the document: < receive > will begin when < call > complements, but the 'complete' includes the 'ends in vain", (i.e. a fault is stuck inside the < call > and dealt with)?
Hope you can help me and thank you very much.
Published by: user8301699 on April 9, 2009 19:04Hello
You have reason, 'full' includes the 'ends in vain", (i.e. a fault is taken inside the
and treated). Hope this answers your Q.
See you soon
Rémy Pucha -
Hello
I have a few questions about how Olite works:
Suppose we have a table A. We create a publishing point to this table in full cooling mode. B the user use our application with its database of Olite to enter data into this table. In my understanding of how works of Olite, during the synchronization of the user, the data it entered or modified are placed in the INQUEUE to be 'APPLIED' to the server by the PGM. If we have a lot of user who synchronizes with a lot of data at the same time, it is possible that the new record entered by user B will no longer in its database of Olite after synchronization if the MGP had no time to process the INQUEUE before the data is updated in the download phase?
First question: If this case can happen?
Second question: when an element is in full refresh Olite "truncate" the table on the client database and refresh it with new data?
Third question: I tried to test this case by disabling th mobile MGP_DEFAULT of employment in data manager and synchronization of a client. I was expecting the customer change would remain in the inqueue and would not be applied on the Server tables, but the changes have been applied, even if the MGP_DEFAULT work is due. Lack somethnig?
Thanks for your help
JSETIf your conflict mode is set to C, this means victories of your customer, so bi-passant the MGP if APPLY process.
BTW, the Java program, you wrote and the workbench of the program interface with the same API. As long as you call your procedures in the correct order, you should be good and it shouldn't make a difference.
When you say to add your table, you mean add point right of publication? If you add just one point of publication, you do not have to repeat throughout your application.
Published by: rekounas on March 15, 2009 11:46
-
I have about seven questions about Firefox OS. I'm potentially interested in opting for a tablet that works instead of Android or iOS. I couldn't find a place to ask questions like that. Thank you!
https://support.Mozilla.org/en-us/forums/Firefox-OS-English-Forum
There is another option.
-
About a month ago I posted a question about iMovie and not being able to "share". I solved the problem thanks, so no more emails!
Hi Michael,
If you want to stop receiving notifications by electronic mail, in the thread, that you have created, then I suggest that you follow the steps below:
One time connected to the Apple Support communities, visit your mini profile and select manage subscriptions.
Content
To manage this content, you are currently subscribed and changing your preferences, select the content.
Select next to see what content you are currently following. Note that any thread you are responding you subscribe you automatically to this thread.
You can select to terminate a subscription to a thread.
Learn how to manage your subscriptions
Take care.
-
Where and how do I ask questions about Email?
The Commission opening thingy is complicated, I have trouble finding my way around it. I don't know where or how questions about email. Is there an easier way than trawling through all these icons? Like a list or something - as you get on all other forums on the internet?
It would be a good starting point: Mac mini
Or the appropriate under MAC Os and system software section.
You might also find this useful: find answers and new questions
-
Many questions about the HP 50 g
I just ordered a HP 50 g graphic calculator! I have a few questions about this so hang on tight! What is the USB connector on the calculator? Mini-USB, micro USB, or is it a connector owner, "custom". Then, it would be possible to connect a keyboard to the HP 50 g by using the USB Port? Is there a program that would make this possible? (I doubt it would work if you plug it..) I have a Mini-USB to female USB 2.0 connector. So I could just plug the keyboard right, provided that the port on the calculator is a Mini-USB Port. If this is not so that I could use my female to female USB adaptor to connect the keyboard.
Thanks for your help,
Zekelegge
Hi!, zekelegge:
Welcome to Forum!
The only printer I use, 50G calculators, 48GII, 39GS and 17BII +, as well as many former models, such as the 48 s/SX/G/G + / GX, 38 G, 39 G, 42, 41 C/CV/CX and 28 C/S, is the infrared printer HP 82240 b. If you can use the emulator HP50G, on the PC, the simulator of the printer, you can download, since... http://www.HPCalc.org/details.php?id=7386
The printer... HP 82240 B
The cable series...
The description... http://www.allenwan.com/hpcalcserialcable/
The original cable...
-
Question about warranty after exchanges of RAM on Satellite module series
Hello together,
I have a question about the warranty. My laptop is 5 months old and now I want to improve it with more RAM. I want to do it myself, and now I'm wondering if the warranty will be getting hurt.
Thanks in advance for your answers.Concerning
TiG3r
For new models of laptops the RAM upgrade described in s operating manuals. It is public act and it shows the owner of the notebook how do RAM upgrade only.
If Toshiba offers something like this he won't have the negative influence of valid warranty.
Buy a compatible module and RAM upgrade.Bye and good luck!
-
A few quick questions about the Satellite P300 - 18 M
Hello
I am about to order a Satellite P300 - 18 M and have just a few questions about this:
(Although these may apply for other similar Satellite/Equium P300.)
Is the touchpad made by / to use the Alps or Synaptics driver?
It has the Wireless N network card, is the map made by Intel or Realtec?
And also, someone has experience with face recognition software to connect?
If so, does it take a lot of time to initalise?
Thanks in advance,
JackHello
The P300 - 18M belongs to the PSPCCE series.
It uses the two touchpad drivers. Synaptics & Alps Electric
There is an Intel 802.11agn minicards WLan installedThe face recognition is a nice tool but local to be illuminated and you must take your face the right of the post sometimes it of not very easy
But if you face is recognized correctly that the connection should work properly
See you soon
Maybe you are looking for
-
No further details, how can I fix this so I can print! It happens every time I try to print a Web page, I usually have to copy the link and print from the browser.
-
Strange problem with the KING and IMAQ find right 3 edges
So first of all, I noticed that the KING produced by KING features seems to have an incompatibility with the entrance to find right IMAQ 3 edges: In my code, I have the strange problem "IMAQ find right edges 3" is the production of edges that lie out
-
I was fooled by the very plausible people who claim that they are a licensed Microsoft customer care company. They installed 2 programs, one of whom was TeamviewerQS.en.exe. I have tried to remove it, but so far have not been able to do. Any suggesti
-
HP250G3: Ibernation and suspension on HP250G3
Hello, I have a question on my new laptop (Win7 64 bit) HP250G3, who was not able to go to suspend mode before I installed the graphics driver from HP site. Unfortunately, when restart the PC, the "NT Kernel & System"process starts to use 50% CPU (on
-
WRT54GL: Fast cable internet connection; very slow wireless
I have been chasing a problem for months and I am at the end of my mind. I started with a cable modem Motorola SB5101 and Buffalo bison wrt-hp-g54. For years, we had a (intermittent) desperately slow wireless connectivity. Recently I started to run