Tag: ALERT

New VMware Security Advisories VMSA-2017-0018 and VMSA-2017-0019

This is a critical security advisory from VMware (VMSA). Today, we released VMSA-2017-0018 and VMSA-2017-0019. VMSA-2017-0018 – VMware Workstation, Fusion, and Horizon View Client updates resolve multiple security vulnerabilities. This documents critical and moderate severity vulnerabilities affecting VMware Horizon View Client for Windows 4.x, Workstation 12.x and Fusion 8.x. Issue (a) is a heap-based buffer overflow vulnerability (CVE-2017-4934) which affects VMware Workstation and Fusion and may allow a guest to execute code on the host. This issue Read more […]

New VMware Security Advisory VMSA-2017-0017

Today VMware has released the following new security advisory: VMSA-2017-0017 – VMware vCenter Server update resolves LDAP DoS, SSRF and CLRF injection issues. This documents the remediation of two moderate severity issues, CVE-2017-4927 and CVE-2017-4928. These issues affect VMware vCenter Server. Issue (a) CVE-2017-4927: VMware vCenter Server doesn’t correctly handle specially crafted LDAP network packets which may allow for remote DoS. This issue affects vCenter Server 6.5 and 6.0. Read more […]

VMSA-2017-0016

Today VMware has released the following new security advisory: VMSA-2017-0016: VMware AirWatch Console and Launcher for Android updates resolve multiple vulnerabilities. Please sign up to the Security-Announce mailing list to receive new and updated VMware Security Advisories. Customers should review the security advisories and direct any questions to VMware Support. The post VMSA-2017-0016 appeared first on VMware Security & Compliance Blog. Read more […]

Security Patches for VMware vCenter Server Appliance Photon OS

Our customers have indicated that they would like to see VMware more frequently update the Photon OS operating system that powers the vCenter Server Appliance (VCSA). To follow up on this request, we have now started a program that will provide monthly patches for the VCSA operating system. The program will address important security issues that are present in the VCSA Photon OS operating system on a monthly basis. In some months (e.g. this month) the update will be through stand-alone patches while Read more […]

New VMware Security Advisory VMSA-2017-0015

Today VMware has released the following new security advisory: “VMSA-2017-0015 – VMware ESXi, vCenter Server, Fusion and Workstation updates resolve multiple security vulnerabilities”. This documents the remediation of a critical severity issue (CVE-2017-4924) and two moderate severity issues (CVE-2017-4925 and CVE-2017-4926). These issues affect VMware ESXi, VMware Workstation, VMware Fusion and VMware vCenter Server. Issue (a) CVE-2017-4924 is an out-of-bounds write vulnerability Read more […]

VMware Security Response Center @ VMworld 2017

For those visiting VMworld, come and meet VMware Trust and Assurance (which includes VMware Security Response Center) in Las Vegas next week or in Barcelona in three weeks from now. Bring your questions and concerns on security issues in our products and services, and how we address these. We would also like to have feedback on the VMware Security Advisories and our patch policies. How to find us? We are accepting 1:1 meetings at VMworld. If you would like to schedule a meeting Read more […]

New VMware Security Advisory VMSA-2017-0014

Today, VMware has released the following new security advisory: VMSA-2017-0014 – VMware NSX-V Edge updates address OSPF Protocol LSA DoS. The advisory documents a hard to exploit denial of service vulnerability in the implementation of the OSPF protocol in NSX-V Edge. This issue is present due to incorrect handling of link-state advertisements (LSA). NSX-V Edge 6.2.8 and NSX-V Edge 6.3.3 address the issue. We would like to thank Adi Sosnovich, Orna Grumberg and Gabi Nakibly for reporting this Read more […]

New VMware Security Advisory VMSA-2017-0013

Today VMware has released the following new security advisory: “VMSA-2017-0013 – VMware vCenter Server and Tools updates resolve multiple security vulnerabilities”. This documents an insecure library loading issue (CVE-2017-4921) and two information disclosure issues (CVE-2017-4922 and CVE-2017-4923) affecting VMware vCenter 6.5 release line. These issues are of moderate severity. This also documents a moderate severity local privilege escalation issue (CVE-2015-5191) affecting VMware Read more […]

Guest Access: BlackHat 2017

The Black Hat USA 2017 conference includes a talk by Ofri Ziv of Guardicore Labs about using the VIX API to obtain privileged access to a guest operating system with unexpectedly low VIM API permissions. VMSA-2017-0012 contains details of impacted versions and workarounds. The Common Vulnerabilities and Exposures project has assigned CVE-2017-4919 for this issue, with thanks to Ofri Ziv and Itamar Tal of Guardicore for discovering and reporting it. Permissions Understanding the privilege Read more […]

New VMware Security Advisory VMSA-2017-0011

Today, VMware has released the following new security advisory: “VMSA-2017-0011 – Horizon View Client update addresses a command injection vulnerability”. This documents an important severity command injection vulnerability (CVE-2017-4918) in the service startup script that affects VMware Horizon View Client for Mac (versions 2.x, 3.x and 4.x). Successful exploitation of this issue may allow unprivileged users to escalate their privileges to root on the Mac OS X system where the Read more […]