ACE was upgraded this week to version 2.5.3. Here are the main updates (all security fixes) from the release notes:
Security Fixes
- New: An updated version of Apache is being shipped with ACE Management Server. The new version of ACE updates the Apache HTTP Server on Windows hosts to version 2.0.63 to address multiple security issues that existed in previous versions of Apache. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2007-3847, CVE-2007-1863, CVE-2006-5752, CVE-2007-3304, CVE-2007-6388, CVE-2007-5000, CVE-2008-0005 to the issues addressed by this update. Note: The Apache HTTP Server is not part of an ACE install on a Linux host. Update the Apache HTTP Server on the host system to version 2.0.63 in order to eliminate these security issues.
- New: Third-party library libpng updated to 1.2.35. Several flaws were discovered in the way the third-party libpng library handled uninitialized pointers. An attacker could create a PNG image file in such a way that when loaded by an application linked to libpng, it could cause the application to crash or execute arbitrary code at the privilege level of the user running the application. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2009-0040 to this issue.
You can grab the updated version here.