Security Alert (A18-07-01): Multiple Vulnerabilities in VMware Products


 

Published on: 03 July 2018

  
  

Description:

VMware has published a security advisory to address vulnerabilities found in VMware vSphere ESXi (ESXi) version 6.7, VMware Workstation version 14.x and VMWare Fusion version 10.x. The vulnerabilities are caused by out-of-bounds read in the shader translator component.

 

Affected Systems:

  • VMware vSphere ESXi (ESXi) version 6.7
  • VMware Workstation version 14.x
  • VMware Fusion version 10.x

 

Impact:

Successful exploitation of the vulnerabilities could lead to information disclosure and denial-of-service condition on an affected system.

 

Recommendation:

The product vendor has released new versions to address the issue at the vendor's website:

  • VMware vSphere ESXi (ESXi) version 6.7
    https://my.vmware.com/group/vmware/patch

  • VMware Workstation Pro 14.1.2
    https://www.vmware.com/go/downloadworkstation

  • VMware Workstation Player 14.1.2
    https://www.vmware.com/go/downloadplayer

  • VMware Fusion Pro/ Fusion 10.1.2
    https://www.vmware.com/go/downloadfusion

System administrators may contact their product support vendors for the fixes and assistance.

 

More Information:

https://www.vmware.com/security/advisories/VMSA-2018-0016.html
http://kb.vmware.com/kb/55920
https://www.us-cert.gov/ncas/current-activity/2018/06/30/VMware-Releases-Security-Updates
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6965 (to CVE-2018-6867)

 



Tag: VMware , vSphere , ESXi , VMware Workstation , VMware Fusion
Tags