Topic: VMware svr and client multiple vulns - updates available  (Read 32983 times)
« Reply #105 on: March 12, 2014, 07:21:42 »
AplusWebMaster Offline
Global Moderator WWW

Karma: 501
Posts: 8276



FYI...

VMSA-2014-0002 - VMware vSphere updates - third party libraries
- http://www.vmware.com/security/advisories/VMSA-2014-0002.html
2014-03-11 - "Summary: VMware has updated vSphere third party libraries... The NTP daemon has a DDoS vulnerability in the handling of the "monlist" command. An attacker may send a forged request to a vulnerable NTP server resulting in an amplified response to the intended target of the DDoS attack... Mitigation for this issue is documented in VMware Knowledge Base article 2070193*...
* http://kb.vmware.com/kb/2070193

vCenter Server 5.5 - Release Notes:
- https://www.vmware.com/support/vsphere5/doc/vsphere-vcenter-server-55u1-release-notes.html

ESXi 5.5
- http://kb.vmware.com/kb/2065826
___

- https://secunia.com/advisories/57388/
Release Date: 2014-03-12
Criticality: Highly Critical
Where: From remote
Impact: Manipulation of data, Exposure of sensitive information, DoS, System access...

- https://secunia.com/advisories/57393/
Release Date: 2014-03-12
Criticality: Highly Critical
Where: From remote
Impact: Manipulation of data, Exposure of sensitive information, DoS, System access...

« Last Edit: March 12, 2014, 08:12:02 by AplusWebMaster » Logged

This machine has no brain.
....... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.
« Reply #106 on: April 11, 2014, 04:49:32 »
AplusWebMaster Offline

FYI...

VMSA-2014-0003 - VMware vSphere Client updates address security vulns
- http://www.vmware.com/security/advisories/VMSA-2014-0003.html
2014-04-10
Synopsis: VMware vSphere Client updates address security vulnerabilities
CVE numbers: CVE-2014-1209, CVE-2014-1210
Summary: VMware vSphere Client updates address security vulnerabilities
Relevant Releases: vSphere Client 5.1, 5.0, 4.1, 4.0
Problem Description: vSphere Client Insecure Client Download
vSphere Client contains a vulnerability in accepting an updated vSphere Client file from an untrusted source. The vulnerability may allow a host to direct vSphere Client to download and execute an arbitrary file from any URI. This issue can be exploited if the host has been compromised or if a user has been tricked into clicking a malicious link... table lists the action required to remediate the vulnerability in each release, if a solution is available...
(More detail available at the vmware URL above.)
___

- http://www.securitytracker.com/id/1030055
CVE Reference: CVE-2014-1209, CVE-2014-1210
Apr 11 2014
Impact: Disclosure of user information, Execution of arbitrary code via network, Modification of user information, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): vSphere Client 4.0, 4.1, 5.0, 5.1 ...
Solution: The vendor has issued a fix (5.0 Update 3, 5.1 Update 2; For versions 4.x, use vSphere Client 4.0 or 4.1 from ESX/ESXi)...
The vendor's advisory is available at:
- http://www.vmware.com/security/advisories/VMSA-2014-0003.html

« Last Edit: April 12, 2014, 18:03:49 by AplusWebMaster » Logged

« Reply #107 on: April 14, 2014, 10:17:52 »
AplusWebMaster Offline

FYI...

VMSA-2014-0004.6 - VMware product updates address OpenSSL security vulnerabilities
- http://www.vmware.com/security/advisories/VMSA-2014-0004.html
Updated on: 2014-04-20
... Change Log:
2014-04-14 VMSA-2014-0004
Initial security advisory in conjunction with the release of Horizon Workspace Server 1.8 and 1.5 updates on 2014-04-14
2014-04-15 VMSA-2014-0004.1
Updated security advisory in conjunction with the release of Horizon Mirage Edge Gateway 4.4.2 patch on 2014-04-15
2014-04-16 VMSA-2014-0004.2
Updated security advisory in conjunction with the release of vCloud Networking and Security 5.5.2 and 5.1.4 on 2014-04-16
2014-04-17 VMSA-2014-0004.3
Updated security advisory in conjunction with the release of Workstation 10.0.2, Fusion 6.0.3, Player 6.0.2 and Horizon Workspace Client 1.8.1 on 2014-04-17
2014-04-18 VMSA-2014-0004.4
Updated security advisory in conjunction with the release of NSX 6.0.4 for vSphere, Horizon View 5.3 Feature Pack 2 and Horizon View Clients 2.3.3 on 2014-04-18
2014-04-19 VMSA-2014-0004.5
Updated security advisory in conjunction with the release of vCenter Server 5.5.0c, vCenter Server 5.5 Update 1a, ESXi 5.5, Horizon Workspace Server 1.8.1, NSX for Multi-Hypervisor 4.0.2 and 4.1.1, NSX 3.2.2, OVF Tool 3.5.1, vCloud Automation Center (vCAC) 6.0.1, vSphere Big Data Extensions 1.1 and Client Integration Plug-In 5.5 on 2014-04-19
2014-04-20 VMSA-2014-0004.6
Updated security advisory in conjunction with the release of vCloud Director 5.5.1.1 on 2014-04-20

- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0076 - 4.3
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0160 - 5.0
___

VMware OpenSSL TLS/DTLS Heartbeat Vulnerabilities - Multiple Products ...
- https://secunia.com/advisories/57770/
Last Update:  2014-04-21
Criticality: Moderately Critical
Where: From remote
Impact: Exposure of sensitive information ...
Original Advisory:
- http://kb.vmware.com/selfservice/microsites/search.do?cmd=displayKC&docType=kc&externalId=2076225
Purpose: The VMware Security Engineering, Communications, and Response group (vSECR) is investigating the OpenSSL issue dubbed "Heartbleed" (CVE-2014-0160).
This article reflects the status of the ongoing investigation.
Resolution: The following is a response to the current situation with the software security vulnerability dubbed Heartbleed:
The VMware Security and Engineering teams are working on remediation for the VMware products that have been impacted. VMware is acutely aware of the seriousness of the Heartbleed vulnerability, and all available resources are being directed toward a resolution amidst this industry-wide situation. VMware plans to release updated products and patches for all affected products in this article by April 19th. Please check this article for any updates or exceptions to this timeframe. See the lists below for affected products, and refer to the Resolution/mitigation section for steps to protect your systems while updates are being prepared...

- http://blog.socialcast.com/socialcast-response-to-heartbleed-aka-cve-2014-0160/
Apr 9, 2014

« Last Edit: April 21, 2014, 05:44:21 by AplusWebMaster » Logged

« Reply #108 on: May 30, 2014, 03:16:05 »
AplusWebMaster Offline

FYI...

VMSA-2014-0005 - VMware Workstation, Player, Fusion, and ESXi patches
- http://www.vmware.com/security/advisories/VMSA-2014-0005.html
2014-05-29
Synopsis: VMware Workstation, Player, Fusion, and ESXi patches address a guest privilege escalation
CVE numbers: CVE-2014-3793
Relevant Releases:
VMware Workstation 10.x prior to version 10.0.2
VMware Player 6.x prior to version 6.0.2
VMware Fusion 6.x prior to version 6.0.3
ESXi 5.5 without patch ESXi550-201403102-SG
ESXi 5.1 without patch ESXi510-201404102-SG
ESXi 5.0 without patch ESXi500-201405102-SG
Problem Description:
Guest privilege escalation in VMware Tools: A kernel NULL dereference vulnerability was found in VMware Tools running on Microsoft Windows 8.1. Successful exploitation of this issue could lead to an escalation of privilege in the guest operating system...

- http://www.securitytracker.com/id/1030310
CVE Reference: CVE-2014-3793
May 30 2014
Impact:   User access via local system
Fix Available:  Yes  Vendor Confirmed:  Yes 
Version(s): Workstation 10.x prior to 10.0.2, Player 6.x prior to 6.0.2, Fusion 6.x prior to 6.0.3
Solution: The vendor has issued a fix (Workstation 10.0.2; Player 6.0.2; Fusion 6.0.3)...

- http://www.securitytracker.com/id/1030311
CVE Reference: CVE-2014-3793
May 30 2014
Impact:   User access via local system
Fix Available:  Yes  Vendor Confirmed:  Yes 
Version(s): ESXi 5.0, 5.1, 5.5
Solution: The vendor has issued a fix.
ESXi 5.0: ESXi500-201405102-SG
ESXi 5.1: ESXi510-201404102-SG
ESXi 5.5: ESXi550-201403102-SG ...

« Reply #109 on: June 11, 2014, 10:51:02 »
AplusWebMaster Offline

FYI...

VMSA-2014-0006 - VMware updates - OpenSSL security vulns
- http://www.vmware.com/security/advisories/VMSA-2014-0006.html
2014-06-10
CVE numbers: CVE-2014-0224, CVE-2014-0198, CVE-2010-5298, and CVE-2014-3470
Relevant Releases: ESXi 5.5 prior to ESXi550-201406401-SG
Change Log: 2014-06-10 VMSA-2014-0006 - Initial security advisory in conjunction with the release of ESXi 5.5 updates on 2014-06-10
Download: https://www.vmware.com/patchmgr/download.portal
Release Notes and Remediation Instructions:
- http://kb.vmware.com/kb/2077359

« Reply #110 on: June 16, 2014, 01:46:49 »
AplusWebMaster Offline

FYI...

VMSA-2014-0006.1 - VMware product updates address OpenSSL security vulns
- http://www.vmware.com/security/advisories/VMSA-2014-0006.html
Updated on: 2014-06-12
CVE numbers: CVE-2014-0224, CVE-2014-0198, CVE-2010-5298, and CVE-2014-3470
Relevant Releases:
Big Data Extensions prior to 2.0.0
ESXi 5.5 prior to ESXi550-201406401-SG
Horizon Mirage Edge Gateway prior to 4.4.3
vCD prior to 5.5.1.2
vCenter prior to 5.5u1b
vCSA prior to 5.5u1b
Update Manager prior to 5.5u1b
Change Log: 2014-06-12 VMSA-2014-0006.1
Updated security advisory in conjunction with the release of Big Data Extensions 2.0.0, Horizon Mirage Edge Gateway 4.4.3, vCD 5.5.1.2, vCenter Server 5.5u1b, vCSA 5.5u1b, and Update Manager 5.5u1b on 2014-06-12...
More at: http://www.vmware.com/security/advisories/VMSA-2014-0006.html

« Reply #111 on: June 19, 2014, 01:31:05 »
AplusWebMaster Offline

FYI...

VMSA-2014-0006.2 - VMware product updates address OpenSSL security vulnerabilities
- http://www.vmware.com/security/advisories/VMSA-2014-0006.html
Updated on: 2014-06-17
CVE numbers: CVE-2014-0224, CVE-2014-0198, CVE-2010-5298, and CVE-2014-3470
Relevant Releases:
Big Data Extensions prior to 2.0.0
ESXi 5.5 without patch ESXi550-201406401-SG
ESXi 5.1 without patch ESXi510-201406401-SG
Horizon Mirage Edge Gateway prior to 4.4.3
vCD prior to 5.5.1.2
vCenter prior to 5.5u1b
vCSA prior to 5.5u1b
Update Manager prior to 5.5u1b
VDDK prior to 5.0.4
VDDK prior to 5.1.3
VDDK prior to 5.5.2 ...

« Reply #112 on: June 25, 2014, 01:09:13 »
AplusWebMaster Offline

FYI...

VMSA-2014-0007 - VMware product updates - Apache Struts library
- http://www.vmware.com/security/advisories/VMSA-2014-0007.html
2014-06-24
CVE numbers:
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0050 - 5.0
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0094 - 5.0
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0112 - 7.5 (HIGH)
Relevant releases: VMware vCenter Operations Management Suite prior to 5.8.2
Problem Description: The Apache Struts library is updated to version 2.3.16.2 to address multiple security issues.
Solution: Please review the patch/release notes for your product and version and verify the checksum of your downloaded file.
vCenter Operations Management Suite 5.8.2 / Downloads and Documentation:
- https://www.vmware.com/go/download-vcops
Change log: 2014-06-24 VMSA-2014-0007 Initial security advisory in conjunction with the release of vCenter Operations Management Suite 5.8.2 on 2014-06-24...

« Last Edit: June 25, 2014, 10:54:10 by AplusWebMaster » Logged

« Reply #113 on: September 10, 2014, 11:25:24 »
AplusWebMaster Offline

FYI...

VMSA-2014-0008 - VMware vSphere product updates to 3rd party libraries
- http://www.vmware.com/security/advisories/VMSA-2014-0008.html
Sep 9, 2014
Summary: VMware has updated vSphere third party libraries
- Relevant releases:
VMware vCenter Server 5.5 prior to Update 2
VMware vCenter Update Manager 5.5 prior to Update 2
VMware ESXi 5.5 without patch ESXi550-201409101-SG
Problem Description:
a. vCenter Server Apache Struts Update
b. vCenter Server tc-server 2.9.5 / Apache Tomcat 7.0.52 updates
c. Update to ESXi glibc package
d. vCenter and Update Manager, Oracle JRE 1.7 Update 55
Change log:
VMSA-2014-0008 Initial security advisory in conjunction with the release of vSphere 5.5 Update 2 on 2014-09-09...

« Reply #114 on: September 12, 2014, 02:41:40 »
AplusWebMaster Offline

FYI...

VMSA-2014-0009 - VMware NSX and vCNS product updates ...
- http://www.vmware.com/security/advisories/VMSA-2014-0009.html
2014-09-11
Summary: VMware NSX and vCloud Networking and Security (vCNS) product updates address a vulnerability that could lead to critical information disclosure.
Relevant releases:
NSX 6.0 prior to 6.0.6
vCNS 5.5 prior to 5.5.3
vCNS 5.1.4 prior to 5.1.4.2
Problem Description:
a. VMware NSX and vCNS information disclosure vulnerability
VMware NSX and vCNS contain an input validation vulnerability. This issue may allow for critical information disclosure...
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3796 - 5.0

- http://www.securitytracker.com/id/1030835
CVE Reference: CVE-2014-3796
Sep 11 2014
Impact: Disclosure of system information, Disclosure of user information
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): vCNS 5.1.4 prior to 5.1.4.2, 5.5 prior to 5.5.3 ...
Solution: The vendor has issued a fix (5.1.4.2, 5.5.3)...

« Last Edit: September 18, 2014, 07:48:08 by AplusWebMaster » Logged
