-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2018.1573
     VMware vSphere, Workstation and Fusion updates enable Hypervisor-
           Assisted Guest Mitigations for Speculative Store
                               23 May 2018

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           VMware vCenter Server (VC)
                   VMware vSphere ESXi (ESXi)
                   VMware Fusion Pro
                   VMware Workstation Pro
Publisher:         VMWare
Operating System:  Windows
                   UNIX variants (UNIX, Linux, OSX)
Impact/Access:     Access Privileged Data -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2018-3640 CVE-2018-3639
Reference:         ASB-2018.0121
                   ESB-2018.1570
                   ESB-2018.1567
                   ESB-2018.1554
                   ESB-2018.1550
                   ESB-2018.1549

Original Bulletin:
   https://www.vmware.com/security/advisories/VMSA-2018-0012.html

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - ------------------------------------------------------------------------
                   VMware Security Advisory

Advisory ID: VMSA-2018-0012
Severity:    Moderate
Synopsis:    VMware vSphere, Workstation and Fusion updates enable
             Hypervisor-Assisted Guest Mitigations for Speculative Store
             Bypass issue.
Issue date:  2018-05-21
Updated on:  2018-05-21 (Initial Advisory)
CVE number:  CVE-2018-3639

1. Summary

   VMware vSphere, Workstation and Fusion updates enable Hypervisor-
   Assisted Guest Mitigations for Speculative Store Bypass issue. The
   mitigations in this advisory are categorized as Hypervisor Assisted
   Guest Mitigations described by VMware Knowledge Base article 54951.
   KB54951 also covers CVE-2018-3640 mitigations which do not require
   VMware product updates.

2. Relevant Products

   VMware vCenter Server (VC)
   VMware vSphere ESXi (ESXi)
   VMware Workstation Pro / Player (Workstation)
   VMware Fusion Pro / Fusion (Fusion)

3. Problem Description
   vCenter Server, ESXi, Workstation, and Fusion update the speculative
   execution control mechanism for Virtual Machines (VMs). As a result, a
   patched Guest Operating System (GOS) can remediate the Speculative
   Store Bypass issue (CVE-2018-3639) using the Speculative-Store-
   Bypass-Disable (SSBD) control bit. This issue may allow for
   information disclosure in applications and/or execution runtimes
   which rely on managed code security mechanisms. Based on current
   evaluations, we do not believe that CVE-2018-3639 could allow for VM
   to VM or Hypervisor to VM information disclosure.

   The Common Vulnerabilities and Exposures project (cve.mitre.org) has
   assigned the identifier CVE-2018-3639 to this issue.

   Column 5 of the following table lists the action required to
   remediate the vulnerability in each release, if a solution is
   available.

   VMware      Product  Running           Replace with/    Mitigation/
   Product     Version  on       Severity Apply Patch      Workaround
   =========== ======== ======== ======== ================ ===========
   VC          6.7      Any      Moderate Patch Pending*   None
   VC          6.5      Any      Moderate Patch Pending*   None
   VC          6.0      Any      Moderate Patch Pending*   None
   VC          5.5      Any      Moderate Patch Pending*   None
   ESXi        6.7      Any      Moderate Patch Pending*   None
   ESXi        6.5      Any      Moderate Patch Pending*   None
   ESXi        6.0      Any      Moderate Patch Pending*   None
   ESXi        5.5      Any      Moderate Patch Pending*   None
   Workstation 14.x     Any      Moderate 14.1.2**         None
   Fusion      10.x     Any      Moderate 10.1.2**         None

   *These updates are on hold until Intel has released updated microcode
   which has been tested by VMware.

   **There are additional VMware and 3rd party requirements for
   CVE-2018-3639 mitigation beyond applying these updates. Please see
   VMware Knowledge Base Article 55111 for details.

4. Solution

   VMware Workstation Pro, Player 14.1.2
   Downloads and Documentation:
   https://www.vmware.com/go/downloadworkstation
   https://www.vmware.com/go/downloadplayer

   VMware Fusion Pro / Fusion 10.1.2
   Downloads and Documentation:
   https://www.vmware.com/go/downloadfusion
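The check a defender wants after reading section 3 is whether a Linux guest actually sees the SSBD control bit the advisory describes, or whether the host still needs the patch and microcode. This is an added example, not part of the VMware advisory or any VMware tool; it reads the two Linux kernel interfaces that report this (the `ssbd`/`amd_ssbd`/`virt_ssbd` flags in /proc/cpuinfo and the spec_store_bypass sysfs file) and the sample file contents embedded below are constructed, not captured from a real system.

```python
"""Check whether a Linux guest actually sees the SSBD control bit.
Added example, not VMware code: it reads the CPU flags in /proc/cpuinfo
and the kernel verdict in the spec_store_bypass sysfs file."""

import re

CPUINFO = "/proc/cpuinfo"
SYSFS = "/sys/devices/system/cpu/vulnerabilities/spec_store_bypass"
# Linux flag names that mean an SSBD control is visible to the guest.
SSBD_FLAGS = {"ssbd", "amd_ssbd", "virt_ssbd"}


def ssbd_flags_present(cpuinfo_text):
    """Return the SSBD-related flags found in the first 'flags' line."""
    m = re.search(r"^flags\s*:\s*(.*)$", cpuinfo_text, re.MULTILINE)
    return SSBD_FLAGS & set(m.group(1).split()) if m else set()


def classify_sysfs(sysfs_text):
    """Map the kernel's spec_store_bypass string to a coarse status."""
    s = sysfs_text.strip()
    if s.startswith("Not affected"):
        return "not_affected"
    if s.startswith("Mitigation:"):
        return "mitigated"
    return "vulnerable"  # "Vulnerable" or any unrecognised wording


def assess(cpuinfo_text, sysfs_text):
    """Combine both signals into a verdict that says what to fix next."""
    flags = ssbd_flags_present(cpuinfo_text)
    status = classify_sysfs(sysfs_text)
    if status in ("mitigated", "not_affected"):
        verdict = "ok"
    elif not flags:
        verdict = "hypervisor_not_exposing_ssbd"  # host patch/microcode missing
    else:
        verdict = "guest_kernel_not_using_ssbd"  # flag visible, guest OS unpatched
    return {"flags": sorted(flags), "status": status, "verdict": verdict}


# Constructed sample file contents (not captured from a real system).
CPUINFO_BEFORE = "processor\t: 0\nflags\t\t: fpu vme sse2 ibrs ibpb stibp\n"
SYSFS_BEFORE = "Vulnerable\n"
CPUINFO_AFTER = CPUINFO_BEFORE.replace("stibp\n", "stibp ssbd\n")
SYSFS_AFTER = "Mitigation: Speculative Store Bypass disabled via prctl and seccomp\n"

if __name__ == "__main__":  # on a real Linux guest, read the live files
    with open(CPUINFO) as f, open(SYSFS) as g:
        print(assess(f.read(), g.read()))
```

A verdict of `hypervisor_not_exposing_ssbd` points at the host side (the pending ESXi patches and microcode in the table above), while `guest_kernel_not_using_ssbd` means the guest OS itself still needs updating.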
5. References

   https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3639
   https://kb.vmware.com/kb/54951
   https://kb.vmware.com/kb/55111

- - ------------------------------------------------------------------------

6. Change log

   2018-05-21: Initial security advisory in conjunction with the release
   of Workstation 14.1.2 and Fusion 10.1.2 on 2018-05-21.

- - ------------------------------------------------------------------------

7. Contact

   E-mail list for product security notifications and announcements:
   http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce

   This Security Advisory is posted to the following lists:
   security-announce@lists.vmware.com
   bugtraq@securityfocus.com
   fulldisclosure@seclists.org

   E-mail: security at vmware.com
   PGP key at: https://kb.vmware.com/kb/1055

   VMware Security Advisories
   http://www.vmware.com/security/advisories

   VMware Security Response Policy
   https://www.vmware.com/support/policies/security_response.html

   VMware Lifecycle Support Phases
   https://www.vmware.com/support/policies/lifecycle.html

   VMware Security & Compliance Blog
   https://blogs.vmware.com/security

   Twitter
   https://twitter.com/VMwareSRC

   Copyright 2018 VMware Inc. All rights reserved.

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to
auscert@auscert.org.au and we will forward your request to the
appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.
As AusCERT did not write the document quoted above, AusCERT has had no
control over its content. The decision to follow or act on information
or advice contained in this security bulletin is the responsibility of
each user or organisation, and should be considered in accordance with
your organisation's site policies and procedures.

AusCERT takes no responsibility for consequences which may arise from
following or acting on information or advice contained in this security
bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still
current.

Contact information for the authors of the original document is
included in the Security Bulletin above. If you have any questions or
need further information, please contact them directly.

Previous advisories and external security bulletins can be retrieved
from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================