Category: VMware Security Advisories

VMware VMSAs and Security News

New VMware Security Advisory VMSA-2018-0022 and Updated Security Advisory VMSA-2018-0019.1

New VMware Security Advisory VMSA-2018-0022 and Updated Security Advisory VMSA-2018-0019.1

This post was originally published on this site —— This is a critical security advisory from VMware (VMSA) — Today, VMware has released the following new and updated security advisories: VMSA-2018-0022 – VMware Workstation and Fusion updates address an out-of-bounds write issue VMSA-2018-0019.1 – Horizon 6, 7, Horizon Agent, and Horizon Client for Windows updates address an out-of-bounds read vulnerability VMSA-2018-0022 documents the remediation of a critical severity out-of-bounds read vulnerability (CVE-2018-6973) in VMware Workstation and Fusion. Successfully exploiting this issue may allow Read more […]

VMware Security Advisory VMSA-2018-0020 and VMSA-2018-0021 – L1 Terminal Fault (L1TF): CVE-2018-3646, CVE-2018-3620, and CVE-2018-3615

VMware Security Advisory VMSA-2018-0020 and VMSA-2018-0021 – L1 Terminal Fault (L1TF): CVE-2018-3646, CVE-2018-3620, and CVE-2018-3615

This post was originally published on this site —— This is a critical security advisory from VMware (VMSA) — Greetings from the VMware Security Response Center! Today we have published security advisories, knowledge base articles, updates, patches, and tools in response to new Speculative-Execution vulnerabilities in Intel processors known collectively as ‘L1 Terminal Fault’ or ‘L1TF.’ These vulnerabilities are identified by CVE-2018-3646, CVE-2018-3620, and CVE-2018-3615. There is a lot of documentation on this event, so I wanted to summarize the core points in a short message. The Read more […]

New VMware Security Advisory VMSA-2018-0019 and Updated Security Advisory VMSA-2015-0007.7

New VMware Security Advisory VMSA-2018-0019 and Updated Security Advisory VMSA-2015-0007.7

This post was originally published on this site —— This is a critical security advisory from VMware (VMSA) — Today, VMware has released the following new and updated security advisories: VMSA-2018-0019 – Horizon 6, 7, and Horizon Client for Windows updates address an out-of-bounds read vulnerability VMSA-2015-0007.7 – VMware vCenter and ESXi updates address critical security issues VMSA-2018-0019 documents the remediation of an important severity out-of-bounds read vulnerability (CVE-2018-6970) in Horizon 6, 7, and Horizon Client for Windows. Successfully exploiting this issue may allow a less-privileged Read more […]

VMware Security Advisory: VMSA-2018-0018

VMware Security Advisory: VMSA-2018-0018

This post was originally published on this site —— This is a critical security advisory from VMware (VMSA) — Today VMware has released the following new and updated security advisories: VMSA-2018-0018 Please sign up to the Security-Announce mailing list to receive new and updated VMware Security Advisories. Customers should review the security advisories and direct any questions to VMware Support. The post VMware Security Advisory: VMSA-2018-0018 appeared first on VMware Security & Compliance Blog. Read more […]

New VMware Security Advisory VMSA-2018-0017

New VMware Security Advisory VMSA-2018-0017

This post was originally published on this site —— This is a critical security advisory from VMware (VMSA) — Today, VMware has released the following new security advisory: “VMSA-2018-0017 – VMware Tools update addresses an out-of-bounds read vulnerability” This documents the remediation of an important severity out-of-bounds read vulnerability (CVE-2018-6969) in VMware Tools. Successful exploitation of this issue may lead to information disclosure or may allow attackers to escalate their privileges on the guest VMs. File sharing must be enabled to be able to exploit this issue. VMware Read more […]

New VMware Security Advisory VMSA-2018-0016 and updated advisories VMSA-2018-0011.1, VMSA-2018-0012.1

New VMware Security Advisory VMSA-2018-0016 and updated advisories VMSA-2018-0011.1, VMSA-2018-0012.1

This post was originally published on this site —— This is a critical security advisory from VMware (VMSA) — Today VMware has released the following new and updated security advisories: VMSA-2018-0016 – VMware ESXi, and Workstation updates address multiple out-of-bounds read vulnerabilities.VMSA-2018-0012.1 – VMware vSphere, Workstation and Fusion updates enable Hypervisor-Assisted Guest Mitigations for Speculative StoreVMSA-2018-0011.1 – Unauthenticated Command Injection vulnerability in VMware NSX SD-WAN by VeloCloud VMSA-2018-0016 documents out-of-bound read issues in the shader translator Read more […]

VMSA-2018-0015

VMSA-2018-0015

This post was originally published on this site —— This is a critical security advisory from VMware (VMSA) — Today VMware has released the following new and updated security advisories: VMSA-2018-0015 – https://www.vmware.com/security/advisories/VMSA-2018-0015.html Please sign up to the Security-Announce mailing list to receive new and updated VMware Security Advisories. Customers should review the security advisories and direct any questions to VMware Support. The post VMSA-2018-0015 appeared first on VMware Security & Compliance Blog. Read more […]

New VMware Security Advisory VMSA-2018-0014

New VMware Security Advisory VMSA-2018-0014

This post was originally published on this site —— This is a critical security advisory from VMware (VMSA) — Today VMware has released the following new security advisory: “VMSA-2018-0014 – VMware Horizon Client update addresses a privilege escalation vulnerability” This documents the remediation of an important severity local privilege escalation vulnerability (CVE-2018-6964) in VMware Horizon Client for Linux. Successful exploitation of this issue may allow unprivileged users to escalate their privileges to root on a Linux machine where Horizon Client is installed. VMware Horizon Client Read more […]

New VMware Security Advisory VMSA-2018-0013

New VMware Security Advisory VMSA-2018-0013

This post was originally published on this site —— This is a critical security advisory from VMware (VMSA) — Today, VMware has released the following new security advisory: “VMSA-2018-0013 – VMware Workstation and Fusion updates address signature bypass and multiple denial-of-service vulnerabilities” This documents the remediation of an important severity issue (CVE-2018-6962) in VMware Fusion and moderate severity issues (CVE-2018-6963) in VMware Workstation and Fusion. Issue (a) CVE-2018-6962 is signature bypass vulnerability which may lead to a local privilege escalation. This issue Read more […]

VMSA-2018-0012

VMSA-2018-0012

This post was originally published on this site —— This is a critical security advisory from VMware (VMSA) — Greetings from the VMware Security Response Center! Today we released VMSA-2018-0012 which documents Hypervisor-Assisted Guest Mitigations for CVE-2018-3639 (Speculative Store Bypass). In addition CVE-2018-3640 (Rogue System Register Read) was also disclosed today. We thought a few points and a documentation summary would be in order to help sum up what this issue means for VMware products: CVE-2018-3639 – The issue requires Hypervisor-Assisted Guest Mitigations for vSphere to pass the new Read more […]