-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2018.3195
                          VMware Security Advisory
                              19 October 2018

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           VMware ESXi
                   VMware Workstation
                   VMware Fusion
Publisher:         VMware
Operating System:  Virtualisation
Impact/Access:     Execute Arbitrary Code/Commands -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2018-6974

Original Bulletin:
   https://www.vmware.com/security/advisories/VMSA-2018-0026.html

- --------------------------BEGIN INCLUDED TEXT--------------------

VMware Security Advisory

Advisory ID: VMSA-2018-0026
Severity:    Critical
Synopsis:    VMware ESXi, Workstation, and Fusion updates address an
             out-of-bounds read vulnerability
Issue date:  2018-10-16
Updated on:  2018-10-16 (Initial Advisory)
CVE number:  CVE-2018-6974

1. Summary

   VMware ESXi, Workstation, and Fusion updates address an out-of-bounds
   read vulnerability.

2. Relevant Products

   VMware vSphere ESXi (ESXi)
   VMware Fusion Pro / Fusion (Fusion)
   VMware Workstation Pro / Player (Workstation)

3. Problem Description

   Out-of-bounds read vulnerability in SVGA device

   VMware ESXi, Fusion and Workstation contain an out-of-bounds read
   vulnerability in the SVGA device. This issue may allow a guest to
   execute code on the host.

   VMware would like to thank Anonymous working with Trend Micro's Zero
   Day Initiative for reporting this issue to us.

   The Common Vulnerabilities and Exposures project (cve.mitre.org) has
   assigned the identifier CVE-2018-6974 to this issue.

   Column 5 of the following table lists the action required to
   remediate the vulnerability in each release, if a solution is
   available.
   VMware       Product  Running  Severity      Replace with/         Mitigation/
   Product      Version  on                     Apply patch           Workaround
   ===========  =======  =======  ============  ====================  ===========
   ESXi         6.7      ESXi     Critical      ESXi670-201810101-SG  None
   ESXi         6.5      ESXi     Critical      ESXi650-201808401-BG  None
   ESXi         6.0      ESXi     Critical      ESXi600-201808401-BG  None
   ESXi         5.5      ESXi     not affected  n/a                   n/a
   Workstation  15.x     Any      not affected  n/a                   n/a
   Workstation  14.x     Any      Critical      14.1.3                None
   Fusion       11.x     OS X     not affected  n/a                   n/a
   Fusion       10.x     OS X     Critical      10.1.3                None

4. Solution

   Please review the patch/release notes for your product and version and
   verify the checksum of your downloaded file.

   ESXi 6.7
   -------------
   Downloads:
   https://my.vmware.com/group/vmware/patch
   Documentation:
   https://docs.vmware.com/en/VMware-vSphere/6.7/rn/vsphere-esxi-671-release-notes.html

   ESXi 6.5
   -------------
   Downloads:
   https://my.vmware.com/group/vmware/patch
   Documentation:
   https://kb.vmware.com/kb/56547

   ESXi 6.0
   -------------
   Downloads:
   https://my.vmware.com/group/vmware/patch
   Documentation:
   https://kb.vmware.com/kb/56552

   VMware Workstation Pro 14.1.3
   Downloads and Documentation:
   https://www.vmware.com/go/downloadworkstation
   https://docs.vmware.com/en/VMware-Workstation-Pro/index.html

   VMware Workstation Player 14.1.3
   Downloads and Documentation:
   https://www.vmware.com/go/downloadplayer
   https://docs.vmware.com/en/VMware-Workstation-Player/index.html

   VMware Fusion Pro / Fusion 10.1.3
   Downloads and Documentation:
   https://www.vmware.com/go/downloadfusion
   https://docs.vmware.com/en/VMware-Fusion/index.html

5. References

   https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6974

- - ------------------------------------------------------------------------

6. Change log

   VMSA-2018-0026
   2018-10-16 Initial security advisory in conjunction with the release of
   ESXi 6.7 patch on 2018-10-16

- - ------------------------------------------------------------------------

7. Contact

   E-mail list for product security notifications and announcements:
   https://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce

   This Security Advisory is posted to the following lists:

   security-announce@lists.vmware.com
   bugtraq@securityfocus.com
   fulldisclosure@seclists.org

   E-mail: security@vmware.com
   PGP key at: https://kb.vmware.com/kb/1055

   VMware Security Advisories
   https://www.vmware.com/security/advisories

   VMware Security Response Policy
   https://www.vmware.com/support/policies/security_response.html

   VMware Lifecycle Support Phases
   https://www.vmware.com/support/policies/lifecycle.html

   VMware Security & Compliance Blog
   https://blogs.vmware.com/security

   Twitter
   https://twitter.com/VMwareSRC

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to
auscert@auscert.org.au and we will forward your request to the
appropriate person.

NOTE: Third Party Rights

This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no
control over its content. The decision to follow or act on information or
advice contained in this security bulletin is the responsibility of each
user or organisation, and should be considered in accordance with your
organisation's site policies and procedures. AusCERT takes no
responsibility for consequences which may arise from following or acting
on information or advice contained in this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made.
If downloading at a later date, it is recommended that the bulletin is
retrieved directly from the author's website to ensure that the
information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBW8l3aGaOgq3Tt24GAQiwsQ//UMIIa/Mhf2Z73l3wMX4RhFQ5fPIbInqM
xIlL30kGXVE1SqhtBIYRwhmcO/2ORB3A+3ZxESdpjH8T5SoH+vZywKFTz1Yc7WEI
E7nD/JlaYF8yhuVd5GwTgC3EJRRdBYcJRnudHv2v8RZjYzIWs/yT2je0EvJMF9Vc
btDOt79Inb8beqZwdViBScO+ILk95kf858tSMELevXeTRCtVXRv9MXfysV7Q0QIX
IfhJStd2qgtCMsfg+STvvqCrG+MUi6/nBS6DbEbyBG6zI/sCZUThbDnqEq5MyGV0
skDcCxs4KSlrpgAzJaoa/eTy5eFFS40QV9c/ef+Un2ULnjMSeqUG5ljC4vUigo58
k7J4AD7jKiT/N1c5IcYArCnSUYBOs9yNMjR3N6P+0aXF4Sow/n8iou1yOU+iivHO
2YrvFitPEM21pKretHLmoEtwtuIu2TaXXU7hC+Vmg3/1XUZYKmx3qajxJ45My+fI
+hG0swDnezE3ZNpM9ufwM00ybYs+D3gKop71RKIPT4IsIYQ9oxuEygflcE4eOCQ4
dvlMHSqNMP9hCrrwZ5VcYMo5MFgTbJyHayRwkjIj9nhoJaglT3VsrexbZOCniCpu
MXbXk+rzEEeYI1dLyp3xW04UbGGX4QRakuc0581bo6BV0XF46+/bQ2tN7Ia/Etud
6B/D8NKR1Pc=
=+DrF
-----END PGP SIGNATURE-----
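The remediation table in section 3 of the advisory above maps each product release to a required patch bulletin (ESXi) or fixed version (Workstation, Fusion). The script below, an added example that is not VMware's or AusCERT's code, encodes that table and classifies a host inventory as remediated, vulnerable, not affected, or not covered by the advisory. It assumes the operator has already collected each host's product, version string and (for ESXi) the installed patch bulletin IDs from vCenter or the host's own package inventory; that collection step is not shown, and the inventory embedded here is constructed sample data.

```python
"""Triage a host inventory against the VMSA-2018-0026 remediation table.

Added example, not VMware's or AusCERT's code. REMEDIATION is transcribed
from the advisory; SAMPLE_INVENTORY is constructed data. The script assumes
product, version and installed ESXi patch bulletins were already collected.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# (product, release) -> (severity, fix). Release granularity follows the
# advisory: ESXi by major.minor, Workstation and Fusion by major version.
REMEDIATION: Dict[Tuple[str, str], Tuple[str, Optional[str]]] = {
    ("ESXi", "6.7"): ("Critical", "ESXi670-201810101-SG"),
    ("ESXi", "6.5"): ("Critical", "ESXi650-201808401-BG"),
    ("ESXi", "6.0"): ("Critical", "ESXi600-201808401-BG"),
    ("ESXi", "5.5"): ("not affected", None),
    ("Workstation", "15"): ("not affected", None),
    ("Workstation", "14"): ("Critical", "14.1.3"),
    ("Fusion", "11"): ("not affected", None),
    ("Fusion", "10"): ("Critical", "10.1.3"),
}


@dataclass
class Host:
    name: str
    product: str                     # "ESXi", "Workstation" or "Fusion"
    version: str                     # dotted version, e.g. "6.5.0" or "14.1.2"
    patches: Tuple[str, ...] = ()    # ESXi patch bulletins reported installed


def version_tuple(version: str) -> Tuple[int, ...]:
    """Turn '14.1.2' into (14, 1, 2) so versions compare numerically,
    not lexically ('14.1.10' must sort after '14.1.9')."""
    return tuple(int(part) for part in version.split("."))


def release_key(product: str, version: str) -> str:
    """Map a full version string to the release column used by the advisory."""
    parts = version.split(".")
    if product == "ESXi":
        return ".".join(parts[:2])   # 6.7.0 -> 6.7
    return parts[0]                   # 14.1.2 -> 14


def assess(host: Host) -> str:
    entry = REMEDIATION.get((host.product, release_key(host.product, host.version)))
    if entry is None:
        # Release not listed in the advisory: flag for manual review rather
        # than silently treating silence as "safe".
        return "unknown: release not covered by VMSA-2018-0026"
    severity, fix = entry
    if severity == "not affected":
        return "not affected"
    if host.product == "ESXi":
        # ESXi fixes ship as patch bulletins; require an exact bulletin match.
        if fix in host.patches:
            return "remediated"
        return f"vulnerable: apply {fix}"
    # Workstation/Fusion fixes are full releases; compare version numbers.
    if version_tuple(host.version) >= version_tuple(fix):
        return "remediated"
    return f"vulnerable: upgrade to {fix}"


def triage(hosts: List[Host]) -> Dict[str, str]:
    """Return a verdict per host name."""
    return {h.name: assess(h) for h in hosts}


# Constructed sample inventory; host names and versions are made up.
SAMPLE_INVENTORY = [
    Host("esx-a", "ESXi", "6.7.0", ("ESXi670-201810101-SG",)),
    Host("esx-b", "ESXi", "6.5.0"),
    Host("esx-c", "ESXi", "5.5.0"),
    Host("ws-1", "Workstation", "14.1.2"),
    Host("ws-2", "Workstation", "14.1.3"),
    Host("ws-3", "Workstation", "15.0.0"),
    Host("mac-1", "Fusion", "10.1.1"),
    Host("mac-2", "Fusion", "8.5.10"),
]

if __name__ == "__main__":
    for name, verdict in triage(SAMPLE_INVENTORY).items():
        print(f"{name:8} {verdict}")
```

Releases the advisory does not list (the Fusion 8.x host in the sample) are reported as unknown rather than safe; the advisory only states which releases it assessed, so anything outside the table needs a separate vendor check.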