A flaw was found in the way the VNC "password" option was handled.
Clearingaa password disabled VNC authentication, allowing a remote user
able to connect to the virtual machines' VNC ports to open a VNC session
without authentication. (CVE-2011-0011)
After installing this update, shut down all running virtual machines.
Once all virtual machines have shut down, start them again for this
update to take effect.