181 replies to this topic

[AplusWebMaster]

FYI...

VMSA-2016-0019 - VMware Workstation and Fusion updates address critical out-of-bounds memory access vuln
- https://www.vmware.c...-2016-0019.html
2016-11-13
Severity: Critical
CVE numbers: CVE-2016-7461
1. Summary: VMware Workstation and Fusion updates address address critical out-of-bounds memory access vulnerability.
2. Relevant Products:
    VMware Workstation Pro / Player
    VMware Fusion Pro / Fusion
3. Problem Description:
a. VMware Workstation and Fusion out-of-bounds memory access vulnerability
The drag-and-drop (DnD) function in VMware Workstation and Fusion has an out-of-bounds memory access vulnerability. This may allow a guest to execute code on the operating system that runs Workstation or Fusion.
Workaround: On Workstation Pro and Fusion, the issue cannot be exploited if both the drag-and-drop function and the copy-and-paste (C&P) function are disabled. Refer to the Reference section on documentation how to disable these functions. This workaround is not available on Workstation Player...
4. Solution: Please review the patch/release notes for your product and version and verify the checksum of your downloaded file.
VMware Workstation Pro 12.5.2 / Downloads and Documentation
- https://www.vmware.c...loadworkstation
- https://www.vmware.c...bs/ws_pubs.html
VMware Workstation Player 12.5.2 / Downloads and Documentation
- https://www.vmware.c.../downloadplayer
- https://www.vmware.c...layer_pubs.html
VMware Fusion Pro / Fusion 8.5.2 / Downloads and Documentation
- https://www.vmware.c.../downloadfusion
- https://www.vmware.c...usion_pubs.html...

- http://www.securityt....com/id/1037282
CVE Reference: CVE-2016-7461
Nov 14 2016
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): Workstation 12.x; Fusion 8.x ...
Impact: A local user on the guest system can gain privileges on the host system.
Solution: The vendor has issued a fix (Workstation 12.5.2; Fusion 8.5.2)...
___

- https://www.us-cert....ecurity-Updates
Nov 14, 2016
 

Edited by AplusWebMaster, 15 November 2016 - 07:52 AM.

[AplusWebMaster]

FYI...

VMSA-2016-0020 - vRealize Operations update addresses REST API deserialization vuln
- https://www.vmware.c...-2016-0020.html
2016-11-15
CVE numbers: CVE-2016-7462
1. Summary: vRealize Operations update addresses REST API deserialization vulnerability.
2. Relevant Products
    vRealize Operations
3. Problem Description
a. vRealize Operations REST API deserialization vulnerability
vRealize Operations contains a deserialization vulnerability in its REST API implementation. This issue may result in a Denial of Service as it allows for writing of files with arbitrary content   and moving existing files into certain folders. The name format of the destination files is predefined and their names cannot be  chosen. Overwriting files is not feasible...
4. Solution: Please review the patch/release notes for your product and version and verify the checksum of your downloaded file.
vRealize Operations: Downloads and Documentation:
- https://my.vmware.co..._operations/6_4
___

- http://www.securityt....com/id/1037297
CVE Reference: CVE-2016-7462
Nov 16 2016
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): Operations 6.x ...
Impact: A remote user can move existing files into certain folders and write files with arbitrary content to cause denial of service conditions.
Solution: The vendor has issued a fix (Operations 6.4.0)...
___

- https://www.us-cert....Security-Update
Nov 17, 2016
 

Edited by AplusWebMaster, 17 November 2016 - 12:35 PM.

[AplusWebMaster]

FYI...

VMSA-2016-0021 - VMware product updates address partial information disclosure vuln
- https://www.vmware.c...-2016-0021.html
2016-11-22
CVE numbers: CVE-2016-5334
1. Summary: VMware product updates address partial information disclosure vulnerability
2. Relevant Products:
    VMware Identity Manager
    vRealize Automation
3. Problem Description: Partial information disclosure vulnerability in VMware Identity Manager
VMware Identity Manager contains a vulnerability that may allow for a partial information disclosure. Successful exploitation of the vulnerability may allow read access to files contained in the /SAAS/WEB-INF and /SAAS/META-INF directories remotely...
4. Solution: Please review the patch/release notes for your product and version and   verify the checksum of your downloaded file.
VMware Identity Manager / Downloads and Documentation:
- https://my.vmware.co...ity_manager/2_7
vRealize Automation / Downloads and Documentation:
- https://my.vmware.co..._automation/7_2

- http://www.securityt....com/id/1037326
CVE Reference: CVE-2016-5334
Nov 22 2016
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 7.x ...
Impact: A remote user can view files in the '/SAAS/WEB-INF' and '/SAAS/META-INF' directories on the target system.
Solution: The vendor has issued a fix (vRealize Automation 7.2.0)...
___

VMSA-2016-0022 - VMware product updates address information disclosure vuln
- https://www.vmware.c...-2016-0022.html
2016-11-22
CVE numbers: CVE-2016-7458, CVE-2016-7459, CVE-2016-7460
1. Summary: VMware vCenter Server, vSphere Client, and vRealize Automation updates address information disclosure vulnerabilities.
2. Relevant Products:
    VMware vCenter Server
    VMware vSphere Client
    vRealize Automation
3. Problem Description:
a. vSphere Client XML External Entity vulnerability:
The vSphere Client contains an XML External Entity (XXE) vulnerability. This issue can lead to information disclosure if a vSphere Client user is tricked into connecting to a malicious instance of vCenter Server or ESXi.
There are no known workarounds for this issue...
4. Solution: Please review the patch/release notes for your product and version and verify the checksum of your downloaded file.
vCenter Server / Downloads and Documentation:
- https://www.vmware.c...ownload-vsphere
vRealize Automation / Downloads and Documentation:
- https://my.vmware.co..._automation/6_2
VMware Knowledge Base article 2089791:
- https://kb.vmware.co...ernalId=2089791

- http://www.securityt....com/id/1037327
CVE Reference: CVE-2016-7460
Nov 23 2016
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 6.x ...
Impact: A remote user can obtain potentially sensitive information from the target system.
A remote user can cause denial of service conditions.
Solution: The vendor has issued a fix (vRealize Automation VA 6.2.5)...

- http://www.securityt....com/id/1037328
CVE Reference: CVE-2016-7458
Nov 23 2016
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): Client 5.5, 6.0 ...
Impact: A remote user can obtain potentially sensitive information on the target system.
Solution: The vendor has issued a fix (5.5 U3e, 6.0 U2a)...

- http://www.securityt....com/id/1037329
CVE Reference: CVE-2016-7459, CVE-2016-7460
Nov 23 2016
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): Server 5.5, 6.0 ...
Impact: A remote user can potentially sensitive information from the target system.
A remote user can cause denial of service conditions.
Solution: The vendor has issued a fix (5.5 U3e, 6.0 U2a)...
 

[AplusWebMaster]

FYI...

VMSA-2016-0023 - VMware ESXi updates address a cross-site scripting issue
- https://www.vmware.c...-2016-0023.html
Dec 20, 2016
Severity: Important
Synopsis: VMware ESXi updates address a cross-site scripting issue
Relevant Products: VMware vSphere Hypervisor (ESXi)
Problem Description:
a. Host Client stored cross-site scripting issue
The ESXi Host Client contains a vulnerability that may allow for stored cross-site scripting (XSS). The issue can be introduced by an attacker that has permission to manage virtual machines through ESXi Host Client or by tricking the vSphere administrator to import a specially crafted VM. The issue may be triggered on the system from where ESXi Host Client is used to manage the specially crafted VM.
VMware advises not to import VMs from untrusted sources...
Solution: Please review the patch/release notes for your product and version and verify the checksum of your downloaded file.
ESXi 6.0
Downloads:
- https://www.vmware.c...indPatch.portal
Documentation:   
- http://kb.vmware.com/kb/2145815
ESXi 5.5   
Downloads:
- https://www.vmware.c...indPatch.portal
Documentation:   
- http://kb.vmware.com/kb/2148194
Change log: 2016-12-20 VMSA-2016-0023
Initial security advisory in conjunction with the release of VMware ESXi 5.5 patches on 2016-12-20...
___

- http://www.securityt....com/id/1037501
CVE Reference: CVE-2016-7463
Dec 20 2016
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 5.5, 6.0
Impact: A remote user can access the target user's cookies (including authentication cookies), if any, associated with the VMware interface, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.
Solution: The vendor has issued a fix (ESXi550-201612102-SG, ESXi600-201611102-SG)...
___

- https://www.us-cert....Security-Update
Dec 20, 2016
 

Edited by AplusWebMaster, 21 December 2016 - 07:37 AM.

[AplusWebMaster]

FYI...

VMSA-2016-0024 - vSphere Data Protection (VDP) updates address SSH Key-Based authentication issue
- https://www.vmware.c...-2016-0024.html
Dec 20, 2016
Severity: Critical
Synopsis: vSphere Data Protection (VDP) updates address SSH Key-Based authentication issue
Relevant Products: vSphere Data Protection (VDP)
Problem Description: VDP SSH key-based authentication issue
VDP contains a private SSH key with a known password that is configured to allow key-based authentication. Exploitation of this issue may allow an unauthorized remote attacker to log into the appliance with root privileges...
Solution: Please review the patch/release notes for your product and version and verify the checksum of your downloaded file.
vSphere Data Protection
Downloads and Documentation:
- http://kb.vmware.com/kb/2147069
___

- http://www.securityt....com/id/1037502
CVE Reference: CVE-2016-7456
Dec 20 2016
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): Data Protection 5.5.x, 5.8.x, 6.0.x, 6.1.x
Impact: A remote user can gain root access to the target system.
Solution: The vendor has issued a fix (vSphere Data Protection patch KB2147069)...
 

Edited by AplusWebMaster, 21 December 2016 - 07:38 AM.

[AplusWebMaster]

FYI...

VMSA-2017-0001 - AirWatch updates address bypass of root detection and local data encryption
- https://www.vmware.c...-2017-0001.html
2017-01-30
Severity: Important
Summary: AirWatch updates address bypass of root detection and local data encryption
Relevant Products:
    Airwatch Agent
    Airwatch Console
    AirWatch Inbox
Problem Description:
a. Root detection bypass
Airwatch Agent for Android contains a vulnerability that may allow a device to bypass root detection during enrollment. Successful exploitation of this issue may result in an enrolled device having unrestricted access over local Airwatch security controls and data...
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifier CVE-2017-4895 to this issue...
b. Local data encryption bypass
Airwatch Inbox for Android contains a vulnerability that may allow a rooted device to decrypt the local data used by the application. Successful exploitation of this issue may result in an unauthorized disclosure of confidential data...
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifier CVE-2017-4896 to this issue...
Solution:
Please review the patch/release notes for your product and version and verify the checksum of your downloaded file.
Airwatch Agent for Android
Downloads and Documentation:
- https://play.google....roidagent&hl=en
Airwatch Agent for Android
Downloads and Documentation:
- https://play.google....tch.email&hl=en
References
- http://cve.mitre.org...e=CVE-2017-4895
- http://cve.mitre.org...e=CVE-2017-4896
- https://support.air-...es/115002293928
- https://support.air-...es/115002156907
___

- http://www.securityt....com/id/1037738
CVE Reference: CVE-2017-4895, CVE-2017-4896
Jan 30 2017
Fix Available:  Yes  Vendor Confirmed:  Yes ...
Impact: A local user can obtain potentially sensitive information on the target system.
A local user can obtain elevated privileges on the target system.
Solution: The vendor has issued a fix (Agent 7.0; Console 9.0 FP1 [plus use Pin-Based Encryption]; Inbox 2.12 [plus use Pin-Based Encryption])...
 

[AplusWebMaster]

FYI...

VMSA-2017-0002 - Horizon DaaS update addresses an insecure data validation issue
- https://www.vmware.c...-2017-0002.html
2017-03-02
Summary: Horizon DaaS update addresses an insecure data validation issue
Relevant Products: VMware Horizon DaaS
Problem Description: Horizon DaaS insecure data validation
Horizon DaaS contains a vulnerability that exists due to insufficient validation of data. An attacker may exploit this issue by tricking DaaS client users into connecting to a malicious server and sharing all their drives and devices. Successful exploitation of this vulnerability requires a victim to download a specially crafted RDP file through DaaS client by clicking on a malicious link...
Solution: Please review the patch/release notes for your product and version and verify the checksum of your downloaded file.
VMware Horizon DaaS   
Downloads:
- https://my.vmware.co...orizon_daas/7_0
Documentation:   
- https://www.vmware.c...tform-pubs.html
References:
- http://cve.mitre.org...e=CVE-2017-4897

- http://www.securityt....com/id/1037951
CVE Reference: CVE-2017-4897
Mar 3 2017
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): Daas 6.1.x ...
Impact: A remote user can gain access to devices and drives on the target user's system.
Solution: The vendor has issued a fix (DaaS 7.0.0)...
 

[AplusWebMaster]

FYI...

VMSA-2017-0003 - VMware Workstation update addresses multiple security issues
- https://www.vmware.c...-2017-0003.html
2017-03-09
Severity: Important
Summary: VMware Workstation update addresses multiple security issues
Relevant Products: VMware Workstation Pro/Player
Problem Description:
a. VMware Workstation DLL loading vulnerability   
VMware Workstation Pro/Player contains a DLL loading vulnerability that occurs due to the "vmware-vmx" process loading DLLs from a path defined in the local environment-variable. Successful exploitation of this issue may allow normal users to escalate privileges to System in the host machine where VMware Workstation is installed...
b. VMware Workstation SVGA driver vulnerability    
VMware Workstation Pro/Player contains a security vulnerability that exists in the SVGA driver. An attacker may exploit this issue to crash the VM or trigger an out-of-bound read.       
Note: This issue can be triggered only when the host has no graphics card or no graphics drivers are installed...
Solution: Please review the patch/release notes for your product and version and verify the checksum of your downloaded file.
VMware Workstation Pro 12.5.3  
Downloads and Documentation:
- https://www.vmware.c...loadworkstation
- https://www.vmware.com/support/pubs/ws_pubs.html  
VMware Workstation Player 12.5.3    
Downloads and Documentation:  
- https://www.vmware.c.../downloadplayer
- https://www.vmware.c...layer_pubs.html

- http://www.securityt....com/id/1037979
CVE Reference: CVE-2017-4898, CVE-2017-4899, CVE-2017-4900
Mar 10 2017
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): Workstation Pro and Workstation Player 12.x prior to 12.5.3 ...
Impact: A local user on the guest system can cause denial of service conditions on the guest system.
A local user on the guest system can gain elevated privileges on the host system.
Solution: The vendor has issued a fix (Workstation 12.5.3)...
 

[AplusWebMaster]

FYI...

VMSA-2017-0004 - VMware product updates resolve remote code execution vulnerability via Apache Struts 2
- https://www.vmware.c...-2017-0004.html
2017-03-13
Summary: VMware product updates resolve remote code execution vulnerability via Apache Struts 2
Relevant Products:
    Horizon Desktop as-a-Service Platform (DaaS)
    VMware vCenter Server (vCenter)
    vRealize Operations Manager (vROps)
    vRealize Hyperic Server (Hyperic)
Problem Description: Remote code execution vulnerability via Apache Struts 2
Multiple VMware products contain a remote code execution vulnerability due to the use of Apache Struts 2. Successful exploitation of this issue may result in the complete compromise of an affected product...
Solution: Please review the patch/release notes for your product and version and verify the checksum of your downloaded file.
VMware vCenter Server
Downloads and Documentation:
- https://kb.vmware.com/kb/2149434
References:
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5638  
- https://struts.apach...ocs/s2-045.html
- https://kb.vmware.com/kb/2149434
___

VMSA-2017-0005 - VMware Workstation and Fusion updates address out-of-bounds memory access vulnerability
- https://www.vmware.c...-2017-0005.html
2017-03-14
Summary: VMware Workstation and Fusion updates address critical out-of-bounds memory access vulnerability.
Relevant Products:
    VMware Workstation Pro / Player
    VMware Fusion Pro / Fusion
Problem Description:
a. VMware Workstation and Fusion out-of-bounds memory access vulnerability
The drag-and-drop (DnD) function in VMware Workstation and Fusion has an out-of-bounds memory access vulnerability. This may allow a guest to execute code on the operating system that runs Workstation or Fusion.
Workaround: On Workstation Pro and Fusion, the issue cannot be exploited if both the drag-and-drop function and the copy-and-paste (C&P) function are disabled. Refer to the Reference section on documentation how to disable these functions. This workaround is not available on Workstation Player...
Solution: Please review the patch/release notes for your product and version and verify the checksum of your downloaded file.
VMware Workstation Pro 12.5.4
Downloads and Documentation
- https://www.vmware.c...loadworkstation
- https://www.vmware.c...bs/ws_pubs.html
VMware Workstation Player 12.5.4
Downloads and Documentation
- https://www.vmware.c.../downloadplayer
- https://www.vmware.c...layer_pubs.html
VMware Fusion Pro / Fusion 8.5.5
Downloads and Documentation
- https://www.vmware.c.../downloadfusion
- https://www.vmware.c...usion_pubs.html
References:
- http://cve.mitre.org...e=CVE-2017-4901
Workaround documentation / Workstation Pro
Disabling drag-and-drop and copy-and-paste functionality, page 81 and 82
- http://pubs.vmware.c...-user-guide.pdf
Fusion / Disabling drag-and-drop and copy-and-paste functionality, page 135
- http://pubs.vmware.c...-user-guide.pdf

- http://www.securityt....com/id/1038025
CVE Reference: CVE-2017-4901
Mar 15 2017
Fix Available:  Yes  Vendor Confirmed:  Yes ...
Impact: A local user on the guest system can gain elevated privileges on the host system.
Solution: The vendor has issued a fix (Workstation 12.5.4; Fusion 8.5.5)...
___

- https://www.us-cert....ecurity-Updates
Mar 14, 2017
 

Edited by AplusWebMaster, 15 March 2017 - 03:55 AM.

[AplusWebMaster]

FYI...

VMSA-2017-0006 - VMware ESXi, Workstation and Fusion updates address critical and moderate security issues
- https://www.vmware.c...-2017-0006.html
2017-03-28
CVE numbers: CVE-2017-4902, CVE-2017-4903, CVE-2017-4904, CVE-2017-4905
Summary: VMware ESXi, Workstation and Fusion updates address critical and moderate security issues.
- Relevant Products
    VMware ESXi (ESXi)  
    VMware Workstation Pro / Player (Workstation)  
    VMware Fusion Pro, Fusion (Fusion)
- Problem Description: ESXi, Workstation, Fusion SVGA memory corruption
a. ESXi, Workstation, Fusion have a heap buffer overflow and uninitialized stack memory usage in SVGA. These issues may allow a guest to execute code on the host...
Note: ESXi 6.0 is affected by CVE-2017-4903 but not by CVE-2017-4902...
* Additional ESXi 6.0 patches are provided for customers that are on ESXi 6.0 U1 or ESXi 6.0 U2...
b. ESXi, Workstation, Fusion XHCI uninitialized memory usage
The ESXi, Workstation, and Fusion XHCI controller has uninitialized memory usage. This issue may allow a guest to execute code on the host. The issue is reduced to a Denial of Service of the guest on ESXi 5.5.
* Additional ESXi 6.0 patches are provided for customers that are on ESXi 6.0 U1 or ESXi 6.0 U2...
c. ESXi, Workstation, and Fusion uninitialized memory usage
ESXi, Workstation, and Fusion have uninitialized memory usage. This issue may lead to an information leak...
Solution: Please review the patch/release notes for your product and version and verify the checksum of your downloaded file.
> VMware ESXi 6.5 - Downloads:  
- https://my.vmware.co...up/vmware/patch
Documentation:  
- http://kb.vmware.com/kb/2149573
> VMware ESXi 6.0 patch on top of ESXi 6.0 U3
Downloads:
- https://my.vmware.co...up/vmware/patch
Documentation:   
- http://kb.vmware.com/kb/2149569
> VMware ESXi 6.0 patch on top of ESXi 6.0 U2  
Downloads:  
- https://my.vmware.co...dGroup=ESXI60U2 
(Click on the above link and scroll down to ESXi600-201703003 Offline Bundle)
Documentation:  
- http://kb.vmware.com/kb/2149673 
> VMware ESXi 6.0 patch on top of ESXi 6.0 U1  
Downloads:  
- https://my.vmware.co...Group=ESXI60U1B
(Click on the above link and scroll down to ESXi600-201703002 Offline Bundle)
Documentation:  
- http://kb.vmware.com/kb/2149672
> ESXi 5.5   
Downloads:
- https://my.vmware.co...up/vmware/patch
Documentation:   
- http://kb.vmware.com/kb/2149577
> VMware Workstation Pro 12.5.5
Downloads and Documentation:  
- https://www.vmware.c...loadworkstation 
- https://www.vmware.c...bs/ws_pubs.html 
> VMware Workstation Player 12.5.5  
Downloads and Documentation:  
- https://www.vmware.c.../downloadplayer 
- https://www.vmware.c...layer_pubs.html
> VMware Fusion Pro / Fusion 8.5.6  
Downloads and Documentation:  
- https://www.vmware.c.../downloadfusion 
- https://www.vmware.c...usion_pubs.html

VMware Knowledge Base article 2149673  
- http://kb.vmware.com/kb/2149673
VMware Knowledge Base article 2149672  
- http://kb.vmware.com/kb/2149672

Change log: 2017-03-28 VMSA-2017-0006  
 Initial security advisory in conjunction with the release of ESXi patches and VMware Workstation Pro/Player 12.5.5 and VMware Fusion Pro, Fusion 8.5.6 on 2017-03-28...
___

- http://www.securityt....com/id/1038148
CVE Reference: CVE-2017-4902, CVE-2017-4903, CVE-2017-4904, CVE-2017-4905
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): Fusion 8.x, Workstation 12.x ...
Impact: A local user on the guest system can gain elevated privileges on the host system.
A local user on the guest system can obtain potentially sensitive information on the host system.
Solution: The vendor has issued a fix (Fusion 8.5.6, Workstation 12.5.5).
The vendor advisory is available at: http://www.vmware.co...-2017-0006.html

- http://www.securityt....com/id/1038149
CVE Reference: CVE-2017-4902, CVE-2017-4903, CVE-2017-4904, CVE-2017-4905
Mar 28 2017
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 5.5, 6.0, 6.5 ...
Impact: A local user on the guest system can gain elevated privileges on the host system.
A local user on the guest system can obtain potentially sensitive information on the host system.
Solution: The vendor has issued a fix.
The vendor advisory is available at: http://www.vmware.co...-2017-0006.html
___

- https://www.us-cert....ecurity-Updates
March 28, 2017
 

Edited by AplusWebMaster, 29 March 2017 - 01:16 PM.

[AplusWebMaster]

FYI...

VMSA-2017-0007 - VMware vCenter Server updates resolve a remote code execution vuln
- https://www.vmware.c...-2017-0007.html
2017-04-13
Advisory ID: VMSA-2017-0007
Severity: Critical
Synopsis: VMware vCenter Server updates resolve a remote code execution vulnerability via BlazeDS
CVE-2017-5641
Summary: VMware vCenter Server updates resolve a remote code execution vulnerability via BlazeDS
Relevant Products: VMware vCenter Server
Problem Description: Remote code execution vulnerability via BlazeDS
VMware vCenter Server contains a remote code execution vulnerability due to the use of BlazeDS to process AMF3 messages. This issue may be exploited to execute arbitrary code when deserializing an untrusted Java object...
Solution: Please review the patch/release notes for your product and version and verify the checksum of your downloaded file.
> VMware vCenter Server 6.5c  
Downloads: https://my.vmware.co...=618&rPId=15826 
Documentation: : https://www.vmware.com/support/pubs/vsphere-esxi-vcenter-server-6-pubs.html  
> VMware vCenter Server 6.0U3b  
Downloads: https://my.vmware.co...=491&rPId=15722 
Documentation: https://www.vmware.c...ver-6-pubs.html
References:
- http://cve.mitre.org...e=CVE-2017-5641
- https://kb.vmware.com/kb/2149815 
- https://kb.vmware.com/kb/2149816..."
___

- http://www.securityt....com/id/1038273
CVE Reference: CVE-2017-5641
Apr 15 2017
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 6.0, 6.5 ...
Impact: A remote user can execute arbitrary code on the target system.
Solution: The vendor has issued a fix (6.0U3b, 6.5c)...
___

- https://www.us-cert....ecurity-Updates
April 14, 2017
 

Edited by AplusWebMaster, 16 April 2017 - 04:02 AM.

[AplusWebMaster]

FYI...

VMSA-2017-0008 - VMware Unified Access Gateway, Horizon View and Workstation updates
- https://www.vmware.c...-2017-0008.html
2017-04-18
Severity: Critical
Synopsis: VMware Unified Access Gateway, Horizon View and Workstation updates resolve multiple security vulnerabilities
CVE numbers: CVE-2017-4907, CVE-2017-4908, CVE-2017-4909, CVE-2017-4910, CVE-2017-4911, CVE-2017-4912, CVE-2017-4913
Summary: VMware Unified Access Gateway, Horizon View and Workstation updates resolve multiple security vulnerabilities
Relevant Products:
    VMware Unified Access Gateway (formerly called Access Point)  
    VMware Horizon View     
    VMware Horizon View Client for Windows
    VMware Workstation Pro / Player (Workstation)
Problem Description:
a. Unified Access Gateway and Horizon View heap buffer-overflow vulnerability
VMware Unified Access Gateway and Horizon View contain a heap buffer-overflow vulnerability which may allow a remote attacker to execute code on the security gateway... The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifier CVE-2017-4907 to this issue...
b. Multiple heap-based buffer overflow issues via Cortado ThinPrint
VMware Workstation and Horizon View Client contain multiple heap buffer-overflow vulnerabilities in JPEG2000 and TrueType Font (TTF) parsers in the TPView.dll. On Workstation, this may allow a guest to execute code or perform a Denial of Service on the Windows OS that runs Workstation. In the case of a Horizon View Client, this may allow a View desktop to execute code or perform a Denial of Service on the Windows OS that runs the Horizon View Client. Exploitation is only possible if virtual printing has been enabled. This feature is not enabled by default on Workstation but it is enabled by default on Horizon View... The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifiers CVE-2017-4908 (JPEG2000) and CVE-2017-4909 (TTF) to these issues...
c. Multiple out-of-bounds read/write issues via Cortado ThinPrint
VMware Workstation and Horizon View Client contain multiple out-of-bounds read/write vulnerabilities in JPEG2000 and TrueType Font (TTF) parsers in the TPView.dll. On Workstation, this may allow a guest to execute code or perform a Denial of Service on the Windows OS that runs Workstation. In the case of a Horizon View Client, this may allow a View desktop to execute code or perform a Denial of Service on the Windows OS that runs the Horizon View Client. Exploitation is only possible if virtual printing has been enabled. This feature is not enabled by default on Workstation but it is enabled by default on Horizon View... The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifiers CVE-2017-4910 (JPEG2000), CVE-2017-4911 (JPEG2000) and CVE-2017-4912 (TTF) to these issues...
d. Integer overflow vulnerability via Cortado ThinPrint
VMware Workstation and Horizon Client contain an integer-overflow vulnerability in the True Type Font parser in the TPView.dll. On Workstation, this may allow a guest to execute code or perform a Denial of Service on the Windows OS that runs Workstation. In the case of a Horizon View Client, this may allow a View desktop to execute code or perform a Denial of Service on the Windows OS that runs the Horizon View Client. Exploitation is only possible if virtual printing has been enabled. This feature is not enabled by default on Workstation but it is enabled by default on Horizon View... The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifier CVE-2017-4913 to this issue...
Solution: Please review the patch/release notes for your product and version and verify the checksum of your downloaded file.
VMware Unified Access Gateway 2.9: Downloads and Documentation:
- https://my.vmware.com/web/vmware/details?downloadGroup=VIEW-APPS-710-ADV&productId=643&rPId=15408   
- https://pubs.vmware....nt-29/index.jsp
VMware Unified Access Gateway 2.8.1: Downloads and Documentation:  
- https://my.vmware.co...=577&rPId=13519
- http://pubs.vmware.c...nt-28/index.jsp
VMware Horizon View 7.1.0: Downloads and Documentation:  
- https://my.vmware.co...are_horizon/7_1
- https://www.vmware.c.../view_pubs.html
VMware Horizon View 6.2.4: Downloads and Documentation:  
- https://my.vmware.co...are_horizon/6_2
- https://www.vmware.c.../view_pubs.html
VMware Workstation Pro 12.5.3: Downloads and Documentation:  
- https://www.vmware.c...loadworkstation 
- https://www.vmware.c...bs/ws_pubs.html 
VMware Workstation Player 12.5.3: Downloads and Documentation:  
- https://www.vmware.c.../downloadplayer 
- https://www.vmware.c...layer_pubs.html
___

VMSA-2017-0008.1
- https://www.vmware.c...-2017-0008.html
Change log: 2017-04-19 VMSA-2017-0008.1
Corrected the VMware Horizon View Client for Windows version.

VMSA-2017-0008.2
- https://www.vmware.c...-2017-0008.html
Change log: 2017-04-21 VMSA-2017-0008.2
Updated security advisory to clarify the Unified Access Gateway and Horizon View affected versions.
___

- http://www.securityt....com/id/1038280
CVE Reference: CVE-2017-4908, CVE-2017-4909, CVE-2017-4910, CVE-2017-4911, CVE-2017-4912
Apr 18 2017
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): Workstation 12.x ...
Impact: A local user on the guest system can cause denial of service conditions on the host system.
A local user on the guest system can gain elevated privileges on the host system.
Solution: The vendor has issued a fix (12.5.3)...

- http://www.securityt....com/id/1038281
CVE Reference: CVE-2017-4907, CVE-2017-4908, CVE-2017-4909, CVE-2017-4910, CVE-2017-4911, CVE-2017-4912, CVE-2017-4913
Apr 18 2017
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 6.2.x, 7.x ...
Impact: A remote user can execute arbitrary code on the target system.
A local user on the guest system can cause denial of service conditions on the host system.
A local user on the guest system can gain elevated privileges on the host system.
Solution: The vendor has issued a fix (6.2.4, 7.1.0)...
___

- https://www.us-cert....ecurity-Updates
April 18, 2017
 

Edited by AplusWebMaster, 21 April 2017 - 10:09 AM.

[AplusWebMaster]

FYI...

VMSA-2017-0009 - VMware Workstation update addresses multiple security issues
- https://www.vmware.c...-2017-0009.html
2017-05-18
Severity: Important
Relevant Products: VMware Workstation Pro/Player
Problem Description
a. VMware Workstation Insecure library loading vulnerability  
VMware Workstation Pro/Player contains an insecure library loading vulnerability via ALSA sound driver configuration files. Successful exploitation of this issue may allow unprivileged host users to escalate their privileges to root in a Linux host machine...
b. VMware Workstation NULL pointer dereference vulnerability  
VMware Workstation Pro/Player contains a NULL pointer dereference vulnerability that exists in the vstor2 driver. Successful exploitation of this issue may allow host users with normal user privileges to trigger a denial-of-service in a Windows host machine...
Solution: Please review the patch/release notes for your product and version and verify the checksum of your downloaded file.
VMware Workstation Pro 12.5.6:  
Downloads and Documentation:
- https://www.vmware.c...loadworkstation
- https://www.vmware.com/support/pubs/ws_pubs.html  
VMware Workstation Player 12.5.6:
Downloads and Documentation:  
- https://www.vmware.c.../downloadplayer
- https://www.vmware.c...layer_pubs.html
___

- http://www.securityt....com/id/1038525
CVE Reference: https://nvd.nist.gov...l/CVE-2017-4915
May 19 2017
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): Workstation Pro and Workstation Player 12.x ...
Impact: A local user on the host system can obtain root privileges on the host system.
Solution: The vendor has issued a fix (12.5.6)...

- http://www.securityt....com/id/1038526
CVE Reference: https://nvd.nist.gov...l/CVE-2017-4916
May 19 2017
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): Workstation Pro and Workstation Player 12.x ...
Impact: A local user on the host system can cause denial of service conditions on the host system.
Solution: The vendor has issued a fix (12.5.6)...
 

Edited by AplusWebMaster, 30 May 2017 - 06:42 AM.

[AplusWebMaster]

FYI...

VMSA-2017-0010 - vSphere Data Protection (VDP) updates address multiple security issues
- https://www.vmware.c...-2017-0010.html
2017-06-06
Severity: Critical
Summary: vSphere Data Protection (VDP) updates address multiple security issues
Relevant Products: vSphere Data Protection (VDP)
Problem Description: VDP Java deserialization issue
VDP contains a deserialization issue. Exploitation of this issue may allow a remote attacker to execute commands on the appliance...
VDP locally stores vCenter Server credentials using reversible encryption. This issue may allow plaintext credentials to be obtained...
Solution: Please review the patch/release notes for your product and version and verify the checksum of your downloaded file.
vSphere Data Protection (VDP) 6.1.4
Downloads and Documentation:
- https://my.vmware.co...oadGroup=VDP614
- https://www.vmware.c...s/vdr_pubs.html
vSphere Data Protection (VDP) 6.0.5
Downloads and Documentation:  
- https://my.vmware.co...adGroup=VDP60_5
- https://www.vmware.c...s/vdr_pubs.html
___

- http://www.securityt....com/id/1038617
CVE Reference: CVE-2017-4914, CVE-2017-4917
Jun 6 2017
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): Data Protection 5.5.x, 5.8.x, 6.0.x, 6.1.x ...
Impact: A local user can obtain passwords on the target system.
A remote user can execute arbitrary code on the target system.
Solution: VMware has issued a fix (6.0.5, 6.1.4)...
___

- https://www.us-cert....ecurity-Updates
June 07, 2017
 

Edited by AplusWebMaster, 07 June 2017 - 10:18 AM.

[AplusWebMaster]

FYI...

VMSA-2017-0011 - Horizon View Client update addresses a command injection vuln
- https://www.vmware.c...-2017-0011.html
2017-06-08
Severity: Important
Summary: Horizon View Client update addresses a command injection vulnerability
Relevant Products: VMware Horizon View Client for Mac (View Client)
Problem Description: Horizon View Client command injection vulnerability
VMware Horizon View Client contains a command injection vulnerability in the service startup script. Successful exploitation of this issue may allow unprivileged users to escalate their privileges to root on the Mac OSX system where the client is installed...
Solution: Please review the patch/release notes for your product and version and verify the checksum of your downloaded file.
VMware Horizon View Client: Downloads:
- https://my.vmware.co...=578&rPId=16682
Documentation:
- https://www.vmware.c...ients_pubs.html
___

- http://www.securityt....com/id/1038642
CVE Reference: CVE-2017-4918
Jun 8 2017
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): View Client 2.x, 3.x, 4.x ...
Impact: A local user can obtain root privileges on the target system.
Solution: VMware has issued a fix (View Client 4.5)...