As previously noted (Oct 16 and Nov 24) VMware has introduced new TPS (Transparent Page Sharing) management options that give administrators more granular control over which Virtual Machines have the potential to share duplicate pages of memory with each other. The previous ESXi patch releases incorporated the additional functionality but did not change the default behavior. Todays update of ESXi 5.1 is the first release that restricts TPS to individual VMs and disables inter-VM TPS by default unless an administrator chooses to re-enable it. Please see KB 2097593 for full details on the functionality.
Additionally VMware has today released the following new and updated advisories:
The new advisory details the fix of a Cross Site Scripting issue (CVE-2014-3797), a certificate validation issue (CVE-2014-8371) and updates to third-party libraries in VMware vSphere.
Customers should review the security advisory and direct any questions to VMware Support.
Please sign up to the Security-Announce mailing list to receive new and updated VMware Security Advisories.