Tag: VMSA

NVIDIA GPU Display Driver Security Updates for Multiple Vulnerabilities

NVIDIA GPU Display Driver Security Updates for Multiple Vulnerabilities

This post was originally published on this site —— This is a critical security advisory from VMware (VMSA) — Greetings from the VMware Response Center! Today we wanted to make you aware that NVIDIA has released a security bulletin entitled NVIDIA GPU Display Driver Security Updates for Multiple Vulnerabilities which details some NVIDIA GPU Display Driver Vulnerabilities and remediation. CVE-2018-6251 and CVE-2018-6253 have been shown to affect VMware Workstation, but they are not something that we can fully resolve from our end. Therefore, we wanted to make sure you were informed of these issues so that Read more […]

New VMware Security Advisory VMSA-2018-0010

New VMware Security Advisory VMSA-2018-0010

This post was originally published on this site —— This is a critical security advisory from VMware (VMSA) — Today VMware has released the following new security advisory: “VMSA-2018-0010 – Horizon DaaS update addresses a broken authentication issue” This documents the remediation of a moderate severity issue (CVE-2018-6960) in VMware Horizon DaaS that may allow an attacker to bypass two-factor authentication. In order to exploit this issue, an attacker must have a legitimate account on Horizon DaaS. All VMware Horizon DaaS 7.x versions are affected. This issue has been addressed in VMware Read more […]

New VMware Security Advisory VMSA-2018-0009

New VMware Security Advisory VMSA-2018-0009

This post was originally published on this site —— This is a critical security advisory from VMware (VMSA) — Today VMware has released the following new security advisory: VMSA-2018-0009  – vRealize Automation (vRA) updates address multiple security issues This documents the remediation of Important and Moderate severity issues (CVE-2018-6958  and CVE-2018-6959). Issue (a)  CVE-2018-6958 is a DOM-based cross-site scripting (XSS) vulnerability. Exploitation of this issue may lead to the compromise of the vRA user’s workstation. Issue (b) CVE-2018-6959 is a vulnerability in Read more […]

VMSA-2018-0004.3

VMSA-2018-0004.3

This post was originally published on this site —— This is a critical security advisory from VMware (VMSA) — Greetings from the VMware Security Response Center! It’s time. Today we released VMSA-2018-0004.3 which documents Hypervisor-Assisted Guest Mitigations for CVE-2017-5715 (Spectre-2). We thought it would be a good idea to quickly link all of the documentation which has undergone a major change. For newcomers, please familiarize yourself by reading through KB52245 first to get a strong understanding of the various categories of mitigations that VMware has provided. Major Updates: Updated Advisory: Read more […]

New VMware Security Advisory VMSA-2018-0008

New VMware Security Advisory VMSA-2018-0008

This post was originally published on this site —— This is a critical security advisory from VMware (VMSA) — Today, VMware has released the following new security advisory: “VMSA-2018-0008 – Workstation and Fusion updates address a denial-of-service vulnerability This documents the remediation of an Important severity denial-of-service vulnerability affecting VMware Workstation and Fusion. This issue can be triggered by opening a large number of VNC sessions.  In order for exploitation to be possible, VNC must be manually enabled on Workstation and Fusion. VMware Workstation 14.1.1 and Read more […]

VMSA-2018-0007.1 – VMware Virtual Appliance updates address side-channel analysis due to speculative execution

VMSA-2018-0007.1 – VMware Virtual Appliance updates address side-channel analysis due to speculative execution

This post was originally published on this site —— This is a critical security advisory from VMware (VMSA) — Greetings from the VMware Security Response Center! We thought we should post an explanation of today’s changes to VMSA-2018-0007 as we have removed CVE-2017-5715 from the advisory. The reason we have done this is to clarify which of these issues have been mitigated against currently known variants of the different vulnerabilities. Because CVE-2017-5753 (Meltdown) is considered by some to be the most severe/exploitable of the issues, we did not want to wait for CVE-2017-5715 (Spectre-2) mitigations Read more […]

VMware Security Advisory VMSA-2018-0007

VMware Security Advisory VMSA-2018-0007

This post was originally published on this site —— This is a critical security advisory from VMware (VMSA) — Today VMware has released the following new and updated security advisories: VMSA-2018-0007 Please sign up to the Security-Announce mailing list to receive new and updated VMware Security Advisories. Customers should review the security advisories and direct any questions to VMware Support. The post VMware Security Advisory VMSA-2018-0007 appeared first on VMware Security & Compliance Blog. Read more […]

VMware Security Advisory VMSA-2018-0006

VMware Security Advisory VMSA-2018-0006

This post was originally published on this site —— This is a critical security advisory from VMware (VMSA) — Today VMware has released the following new and updated security advisories: VMSA-2018-0006 – vRealize Automation, vSphere Integrated Containers, and AirWatch Console updates address multiple security vulnerabilities Please sign up to the Security-Announce mailing list to receive new and updated VMware Security Advisories. Customers should review the security advisories and direct any questions to VMware Support. The post VMware Security Advisory VMSA-2018-0006 appeared first on VMware Security Read more […]

New VMware Security Advisory VMSA-2018-0005

New VMware Security Advisory VMSA-2018-0005

This post was originally published on this site —— This is a critical security advisory from VMware (VMSA) — Today, VMware has released the following new security advisory: “VMSA-2018-0005 – VMware Workstation, and Fusion updates resolve use-after-free and integer-overflow vulnerabilities” This documents the remediation of Critical and Important severity issues (CVE-2017-4949, and CVE-2017-4950). Issues (a) CVE-2017-4949 is a use-after-free vulnerability in VMware NAT service which can be exploited when IPv6 mode is enabled. This issue is rated as critical and may allow a guest to execute Read more […]

New VMware Security Advisory VMSA-2018-0003

New VMware Security Advisory VMSA-2018-0003

This post was originally published on this site —— This is a critical security advisory from VMware (VMSA) — Today, VMware has released the following new security advisory: “VMSA-2018-0003 – vRealize Operations for Horizon, vRealize Operations for Published Applications, Workstation, Horizon View Client and Tools updates resolve multiple security vulnerabilities” This documents the remediation of three Important severity issues (CVE-2017-4945, CVE-2017-4946, and CVE-2017-4948). Issues (a) CVE-2017-4946 is a privilege escalation vulnerability that affects vRealize Operations for Horizon Read more […]