Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2019.1722.2
VMware product updates address MDS vulnerabilities
6 August 2019
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: VMware vCenter Server
VMware vSphere ESXi
VMware Workstation Pro
VMware Workstation Player
VMware Fusion Pro
VMware Fusion
VMware vCloud Usage Meter
VMware Identity Manager
Publisher: VMWare
Operating System: Windows
UNIX variants (UNIX, Linux, OSX)
Impact/Access: Access Privileged Data -- Existing Account
Resolution: Patch/Upgrade
CVE Names: CVE-2019-11091 CVE-2018-12130 CVE-2018-12127
CVE-2018-12126
Reference: ASB-2019.0138
Original Bulletin:
https://www.vmware.com/security/advisories/VMSA-2019-0008.html
Revision History: August 6 2019: Updated security advisory with Operating
System-Specific Mitigations included with
vCenter Server Appliance 6.7u2c and vCenter
Server Appliance 6.5u3.
May 15 2019: Initial Release
- --------------------------BEGIN INCLUDED TEXT--------------------
+-----------------------------------------------------------------------------+
|Advisory|VMSA-2019-0008.1 |
|ID | |
|--------+--------------------------------------------------------------------|
|Advisory|Moderate |
|Severity| |
|--------+--------------------------------------------------------------------|
|CVSSv3 |3.8 - 6.5 |
|Range | |
|--------+--------------------------------------------------------------------|
| |VMware product updates enable Hypervisor-Specific |
| |Mitigations, Hypervisor-Assisted Guest Mitigations, and Operating |
|Synopsis|System-Specific Mitigations for Microarchitectural Data Sampling |
| |(MDS) Vulnerabilities (CVE-2018-12126, CVE-2018-12127, |
| |CVE-2018-12130, and CVE-2019-11091) |
|--------+--------------------------------------------------------------------|
|Issue |2019-05-14 |
|Date | |
|--------+--------------------------------------------------------------------|
|Updated |2019-08-05 |
|On | |
|--------+--------------------------------------------------------------------|
|CVE(s) |CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, and CVE-2019-11091 |
+-----------------------------------------------------------------------------+
1. Impacted Products
* VMware vCenter Server (VC)
* VMware vSphere ESXi (ESXi)
* VMware Workstation Pro / Player (WS)
* VMware Fusion Pro / Fusion (Fusion)
* vCloud Usage Meter (UM)
* Identity Manager (vIDM)
* vCenter Server (vCSA)
* vSphere Data Protection (VDP)
* vSphere Integrated Containers (VIC)
* vRealize Automation (vRA)
2. Introduction
Intel has disclosed details on speculative-execution vulnerabilities known
collectively as "Microarchitectural Data Sampling (MDS)" that can occur on
Intel microarchitecture prior to 2nd Generation Intel Xeon Scalable
Processors (formerly known as Cascade Lake). These issues may allow a malicious
user who can locally execute code on a system to infer data otherwise protected
by architectural mechanisms.
There are four uniquely identifiable vulnerabilities associated with MDS:
* CVE-2018-12126 - Microarchitectural Store Buffer Data Sampling (MSBDS) -
CVSSv3 = 6.5
* CVE-2018-12130 - Microarchitectural Fill Buffer Data Sampling (MFBDS) -
CVSSv3 = 6.5
* CVE-2018-12127 - Microarchitectural Load Port Data Sampling (MLPDS) -
CVSSv3 = 6.5
* CVE-2019-11091 - Microarchitectural Data Sampling Uncacheable Memory
(MDSUM) - CVSSv3 = 3.8
To assist in understanding speculative-execution vulnerabilities, VMware
previously defined the following mitigation categories:
* Hypervisor-Specific Mitigations prevent information leakage from the
hypervisor or guest VMs into a malicious guest VM. These mitigations
require code changes for VMware products.
* Hypervisor-Assisted Guest Mitigations virtualize new speculative-execution
hardware control mechanisms for guest VMs so that Guest OSes can mitigate
leakage between processes within the VM. These mitigations require code
changes for VMware products.
* Operating System-Specific Mitigations are applied to guest operating
systems. These updates will be provided by a 3rd party vendor or in the
case of VMware Virtual Appliances, by VMware.
* Microcode Mitigations are applied to a system?s processor(s) by a microcode
update from the hardware vendor. These mitigations do not require
hypervisor or guest operating system updates to be effective.
MDS vulnerabilities require Hypervisor-Specific Mitigations (described in
section 3a.) Hypervisor-Assisted Guest Mitigations (described in section 3b.)
and Operating System-Specific Mitigations (described in section 3c.)
3a. Hypervisor-Specific Mitigations for MDS vulnerabilities - CVE-2018-12126,
CVE-2018-12127, CVE-2018-12130, and CVE-2019-11091
Description:
vCenter Server, ESXi, Workstation, and Fusion updates include
Hypervisor-Specific Mitigations for MDS speculative execution vulnerabilities.
VMware has evaluated the severity of these issues to be in the Moderate
severity range with a maximum CVSSv3 base score of 6.5.
Known Attack Vectors:
A malicious user must have local access to a virtual machine and the ability to
execute code to infer data otherwise protected by architectural mechanisms from
another virtual machine or the hypervisor itself via MDS vulnerabilities.
There are two known attack vector variants for MDS at the Hypervisor level:
* Sequential-context attack vector (Inter-VM): a malicious VM can potentially
infer recently accessed data of a previous context (hypervisor thread or
other VM thread) on either logical processor of a processor core.
* Concurrent-context attack vector (Inter-VM): a malicious VM can potentially
infer recently accessed data of a concurrently executing context
(hypervisor thread or other VM thread) on the other logical processor of
the Hyper-Threading-enabled processor core.
Resolution:
* The Sequential-context attack vector (Inter-VM): is mitigated by a
Hypervisor update to the product versions listed in the table below. These
mitigations are dependent on Intel microcode updates (provided in separate
ESXi patches for most Intel hardware platforms) listed in the table below.
This mitigation is enabled by default and does not impose a significant
performance impact.
* The Concurrent-context attack vector (Inter-VM): is mitigated through
enablement of the ESXi Side-Channel-Aware Scheduler Version 1 or Version 2.
These options may impose a non-trivial performance impact and are not
enabled by default.
Workarounds:
* There are no known Hypervisor-Specific workarounds for the MDS class of
vulnerabilities.
Additional Documentation:
* vSphere: KB67577 should be thoroughly reviewed to ensure a strong
understanding of the Hypervisor-Specific Mitigations enablement process for
MDS and potential CPU capacity impacts
* Workstation/Fusion: KB68025 should be thoroughly reviewed to ensure a
strong understanding of the Hypervisor-Specific Mitigations
enablement process for MDS and potential CPU capacity impacts.
Notes:
* VMware Hypervisors running on 2nd Generation Intel? Xeon Scalable
Processors (formerly known as Cascade Lake) are not affected by MDS
vulnerabilities.
Acknowledgements:
* None.
Resolution Matrix:
+----------------------------------------------------------------------------------------------------------+
|Product |Version|Running|CVE Identifier|CVSSv3|Severity|Fixed Version |Workarounds|Additional |
| | |On | | | | | |Documentation|
|-----------+-------+-------+--------------+------+--------+---------------------+-----------+-------------|
|vCenter |6.7 |Any |N/A |N/A |N/A |6.7 U2a |None |KB67577 |
|Server^1 | | | | | | | | |
|-----------+-------+-------+--------------+------+--------+---------------------+-----------+-------------|
|vCenter |6.5 |Any |N/A |N/A |N/A |6.5 U2g |None |KB67577 |
|Server^1 | | | | | | | | |
|-----------+-------+-------+--------------+------+--------+---------------------+-----------+-------------|
|vCenter |6.0 |Any |N/A |N/A |N/A |6.0 U3i |None |KB67577 |
|Server^1 | | | | | | | | |
|-----------+-------+-------+--------------+------+--------+---------------------+-----------+-------------|
| | | |CVE-2018-12126| | |ESXi670-201905401-BG | | |
|ESXi |6.7 |Any |CVE-2018-12127|6.5 |Moderate|ESXi670-201905402-BG^|None |KB67577 |
| | | |CVE-2018-12130| | |2 | | |
| | | |CVE-2019-11091| | |ESXi670-201905403-BG | | |
|-----------+-------+-------+--------------+------+--------+---------------------+-----------+-------------|
| | | |CVE-2018-12126| | |ESXi650-201905401-BG | | |
|ESXi |6.5 |Any |CVE-2018-12127|6.5 |Moderate|ESXi650-201905402-BG^|None |KB67577 |
| | | |CVE-2018-12130| | |2 | | |
| | | |CVE-2019-11091| | | | | |
|-----------+-------+-------+--------------+------+--------+---------------------+-----------+-------------|
| | | |CVE-2018-12126| | |ESXi600-201905401-BG | | |
|ESXi |6.0 |Any |CVE-2018-12127|6.5 |Moderate|ESXi600-201905402-BG^|None |KB67577 |
| | | |CVE-2018-12130| | |2 | | |
| | | |CVE-2019-11091| | | | | |
|-----------+-------+-------+--------------+------+--------+---------------------+-----------+-------------|
| | | |CVE-2018-12126| | | | | |
|Workstation|15.x |Any |CVE-2018-12127|6.5 |Moderate|15.1.0 |None |KB68025 |
| | | |CVE-2018-12130| | | | | |
| | | |CVE-2019-11091| | | | | |
|-----------+-------+-------+--------------+------+--------+---------------------+-----------+-------------|
| | | |CVE-2018-12126| | | | | |
|Fusion |11.x |Any |CVE-2018-12127|6.5 |Moderate|11.1.0 |None |KB68025 |
| | | |CVE-2018-12130| | | | | |
| | | |CVE-2019-11091| | | | | |
+----------------------------------------------------------------------------------------------------------+
1. vCenter updates are listed in the above table as a requirement for
Hypervisor-Specific Mitigations as these updates include enhanced EVC modes
which support the new MD-CLEAR functionality included in ESXi microcode
updates.
2. These patches contain updated microcode. At the time of this publication
Sandy Bridge DT/EP Microcode Updates (MCUs) had not yet been provided to
VMware. Customers on this microarchitecture may request MCUs from their
hardware vendor in the form of a BIOS update. This microcode will be included
in future releases of ESXi.
3b. Hypervisor-Assisted Guest Mitigations for MDS vulnerabilities
- - CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, and CVE-2019-11091
Description:
vCenter Server, ESXi, Workstation, and Fusion updates support
Hypervisor-Assisted Guest Mitigations for MDS speculative execution
vulnerabilities. These updates expose new CPU control bits via microcode listed
in the table below to the Virtual Machine layer. VMware has evaluated the
severity of these issues to be in the Moderate severity range with a maximum
CVSSv3 base score of 6.5.
Known Attack Vectors:
A malicious user must have local access to a virtual machine and the ability to
execute code to infer data otherwise protected by architectural mechanisms
within the Guest Operating System (Intra-VM) via MDS vulnerabilities. Virtual
Machines hosted by VMware Hypervisors running on 2nd Generation Intel? Xeon
Scalable Processors (formerly known as Cascade Lake) are not affected by MDS
vulnerabilities.
There are two known attack vector categories for MDS at the Virtual Machine
level:
* Sequential-context attack vector (Intra-VM): a malicious local user of a
Virtual Machine can potentially infer recently accessed data of a previous
context otherwise protected by architectural mechanisms in the context of
the same Virtual Machine.
* Concurrent-context attack vector (Intra-VM): a malicious local user of a
Virtual Machine can potentially infer recently accessed data of
a concurrently executing context on the other logical processor of the
Hyper-Threading-enabled processor core in the context of the same Virtual
Machine.
Resolution:
* Sequential-context attack vector (Intra-VM): mitigations are supported via
Hypervisor updates listed in the table below. These mitigations are then
enabled via Guest Operating System updates obtained through the operating
system vendor (for VMware appliances see section 3c). These mitigations are
dependent on Intel microcode updates (provided in separate ESXi patches for
most Intel hardware platforms) listed in the table below. This mitigation
is enabled by default and does not impose a significant performance impact.
* Concurrent-context attack vector (Intra-VM): is mitigated through
enablement of the ESXi Side-Channel-Aware Scheduler Version 1. The ESXi
Side-Channel-Aware Scheduler Version 2 does not mitigate
MDS Concurrent-context attack vectors at the Virtual Machine layer. These
options may impose a non-trivial performance impact and are not enabled by
default.
Guest Operating Systems will also require Operating System-Specific Mitigations
to support these Hypervisor-Assisted Guest Mitigations (see section 3c. for
VMware Virtual Appliances).
Workarounds:
* Operating System-Specific workarounds for VMware Virtual Appliances are
documented in section 3c.
Additional Documentation:
* KB68024 should be thoroughly reviewed to ensure a strong understanding of
the Hypervisor-Assisted Guest Mitigations enablement process for MDS and
potential CPU capacity impacts.
Notes:
* Virtual Machines hosted by VMware Hypervisors running on 2nd Generation
Intel? Xeon Scalable Processors (formerly known as Cascade Lake) are not
affected by MDS vulnerabilities.
Acknowledgements:
* None.
Resolution Matrix:
+----------------------------------------------------------------------------------------------------------+
|Product |Version|Running|CVE Identifier|CVSSv3|Severity|Fixed Version |Workarounds|Additional |
| | |On | | | | | |Documentation|
|-----------+-------+-------+--------------+------+--------+---------------------+-----------+-------------|
|vCenter |6.7 |Any |N/A |N/A |N/A |6.7 U2a |None |KB68024 |
|Server^1 | | | | | | | | |
|-----------+-------+-------+--------------+------+--------+---------------------+-----------+-------------|
|vCenter |6.5 |Any |N/A |N/A |N/A |6.5 U2g |None |KB68024 |
|Server^1 | | | | | | | | |
|-----------+-------+-------+--------------+------+--------+---------------------+-----------+-------------|
|vCenter |6.0 |Any |N/A |N/A |N/A |6.0 U3i |None |KB68024 |
|Server^1 | | | | | | | | |
|-----------+-------+-------+--------------+------+--------+---------------------+-----------+-------------|
| | | |CVE-2018-12126| | |ESXi670-201905401-BG | | |
|ESXi |6.7 |Any |CVE-2018-12127|6.5 |Moderate|ESXi670-201905402-BG^|None |KB68024 |
| | | |CVE-2018-12130| | |2 | | |
| | | |CVE-2019-11091| | |ESXi670-201905403-BG | | |
|-----------+-------+-------+--------------+------+--------+---------------------+-----------+-------------|
| | | |CVE-2018-12126| | |ESXi650-201905401-BG | | |
|ESXi |6.5 |Any |CVE-2018-12127|6.5 |Moderate|ESXi650-201905402-BG^|None |KB68024 |
| | | |CVE-2018-12130| | |2 | | |
| | | |CVE-2019-11091| | | | | |
|-----------+-------+-------+--------------+------+--------+---------------------+-----------+-------------|
| | | |CVE-2018-12126| | |ESXi600-201905401-BG | | |
|ESXi |6.0 |Any |CVE-2018-12127|6.5 |Moderate|ESXi600-201905402-BG^|None |KB68024 |
| | | |CVE-2018-12130| | |2 | | |
| | | |CVE-2019-11091| | | | | |
|-----------+-------+-------+--------------+------+--------+---------------------+-----------+-------------|
| | | |CVE-2018-12126| | | | | |
|Workstation|15.x |Any |CVE-2018-12127|6.5 |Moderate|15.1.0 |None |KB68024 |
| | | |CVE-2018-12130| | | | | |
| | | |CVE-2019-11091| | | | | |
|-----------+-------+-------+--------------+------+--------+---------------------+-----------+-------------|
| | | |CVE-2018-12126| | | | | |
|Fusion |11.x |Any |CVE-2018-12127|6.5 |Moderate|11.1.0 |None |KB68024 |
| | | |CVE-2018-12130| | | | | |
| | | |CVE-2019-11091| | | | | |
+----------------------------------------------------------------------------------------------------------+
1. vCenter updates are listed in the above table as a requirement for
Hypervisor-Assisted Guest Mitigations as these updates include enhanced EVC
modes which support the new MD-CLEAR functionality included in ESXi microcode
updates.
2. These patches contain updated microcode. At the time of this publication
Sandy Bridge DT/EP Microcode Updates (MCUs) had not yet been provided to
VMware. Customers on this microarchitecture may request MCUs from their
hardware vendor in the form of a BIOS update. This microcode will be included
in future releases of ESXi.
3c. Operating System-Specific Mitigations for MDS vulnerabilities
- - CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, and CVE-2019-11091
Description:
A malicious user must have local access to a virtual machine and the ability to
execute code to infer data otherwise protected by architectural mechanisms
within the Guest Operating System (Intra-VM) via MDS vulnerabilities.
Known Attack Vectors:
A malicious user must have local access to a virtual machine and the ability to
execute code to infer data otherwise protected by architectural mechanisms
within the Guest Operating System (Intra-VM) via MDS vulnerabilities.
There are two known attack vector categories for MDS at the Virtual Machine
level:
* Sequential-context attack vector (Intra-VM): a malicious local user of a
Virtual Machine can potentially infer recently accessed data of a previous
context otherwise protected by architectural mechanisms in the context of
the same Virtual Machine.
* Concurrent-context attack vector (Intra-VM): a malicious local user of a
Virtual Machine can potentially infer recently accessed data of
a concurrently executing context on the other logical processor of the
Hyper-Threading-enabled processor core in the context of the same Virtual
Machine.
Resolution:
* Sequential-context attack vector (Intra-VM): mitigations are supported
via Hypervisor-Assisted Guest Mitigations enumerated in section 3b and
enabled via updated Linux kernels included with Virtual Appliance releases
shown in the table below. These mitigations are dependent on Intel
microcode updates (provided in separate ESXi patches for most Intel
hardware platforms) listed in the table below.
* Concurrent-context attack vector (Intra-VM): is mitigated through
enablement of the ESXi Side-Channel-Aware Scheduler. The ESXi
Side-Channel-Aware Scheduler Version 2 introduced in 6.7u2 does NOT
mitigate MDS Intra-VM Concurrent-context attack vectors at the Virtual
Machine layer. These options may impose a non-trivial performance impact
and are not enabled by default.
Workarounds:
* Some VMware Virtual Appliances can workaround MDS vulnerabilities by
disabling local non-administrative accounts to ensure there is no available
path for a malicious user to execute code.
Additional Documentation:
* None.
Notes:
* Virtual Machines hosted by VMware Hypervisors running on 2nd Generation
Intel Xeon Scalable Processors (formerly known as Cascade Lake) are not
affected by MDS vulnerabilities.
* VMware Virtual Appliances NOT listed in the Resolution Matrix below do not
have valid attack vectors under supported configurations and are considered
unaffected.
Acknowledgements:
* None.
Resolution Matrix:
+---------------------------------------------------------------------------------------------+
|Product |Version|Running |CVE Identifier|CVSSv3|Severity|Fixed |Workarounds|Additional |
| | |On | | | |Version| |Documentation|
|----------+-------+---------+--------------+------+--------+-------+-----------+-------------|
|vCloud | | |CVE-2018-12126| | | | | |
|Usage |x.x |Virtual |CVE-2018-12127|6.5 |Moderate|Patch |KB52467 |None |
|Meter | |Appliance|CVE-2018-12130| | |Pending| | |
| | | |CVE-2019-11091| | | | | |
|----------+-------+---------+--------------+------+--------+-------+-----------+-------------|
| | | |CVE-2018-12126| | | | | |
|Identity |x.x |Virtual |CVE-2018-12127|6.5 |Moderate|Patch |KB52284 |None |
|Manager | |Appliance|CVE-2018-12130| | |Pending| | |
| | | |CVE-2019-11091| | | | | |
|----------+-------+---------+--------------+------+--------+-------+-----------+-------------|
| | | |CVE-2018-12126| | | | | |
|vCenter |6.7 |Virtual |CVE-2018-12127|6.5 |Moderate|6.7u2c |KB52312 |None |
|Server | |Appliance|CVE-2018-12130| | | | | |
| | | |CVE-2019-11091| | | | | |
|----------+-------+---------+--------------+------+--------+-------+-----------+-------------|
| | | |CVE-2018-12126| | | | | |
|vCenter |6.5 |Virtual |CVE-2018-12127|6.5 |Moderate|6.5u3 |KB52312 |None |
|Server | |Appliance|CVE-2018-12130| | | | | |
| | | |CVE-2019-11091| | | | | |
|----------+-------+---------+--------------+------+--------+-------+-----------+-------------|
| | | |CVE-2018-12126| | | | | |
|vCenter |6.0 |Virtual |CVE-2018-12127|6.5 |Moderate|Patch |KB52312 |None |
|Server | |Appliance|CVE-2018-12130| | |Pending| | |
| | | |CVE-2019-11091| | | | | |
|----------+-------+---------+--------------+------+--------+-------+-----------+-------------|
|VMware | | |CVE-2018-12126| | | | | |
|Data |6.x |Virtual |CVE-2018-12127|6.5 |Moderate|Patch |None |None |
|protection| |Appliance|CVE-2018-12130| | |Pending| | |
| | | |CVE-2019-11091| | | | | |
|----------+-------+---------+--------------+------+--------+-------+-----------+-------------|
|VMware | | |CVE-2018-12126| | | | | |
|Integrated|1.x |Virtual |CVE-2018-12127|6.5 |Moderate|Patch |None |None |
|Containers| |Appliance|CVE-2018-12130| | |Pending| | |
| | | |CVE-2019-11091| | | | | |
|----------+-------+---------+--------------+------+--------+-------+-----------+-------------|
| | | |CVE-2018-12126| | | | | |
|vRealize |7.x |Virtual |CVE-2018-12127|6.5 |Moderate|Patch |KB52377 |None |
|Automation| |Appliance|CVE-2018-12130| | |Pending| | |
| | | |CVE-2019-11091| | | | | |
|----------+-------+---------+--------------+------+--------+-------+-----------+-------------|
| | | |CVE-2018-12126| | | | | |
|vRealize | |Virtual |CVE-2018-12127| | |Patch | | |
|Automation|6.x |Appliance|CVE-2018-12130|6.5 |Moderate|Pending|KB52497 |None |
| | | |CVE-2019-11091| | | | | |
| | | | | | | | | |
+---------------------------------------------------------------------------------------------+
4. References:
Mitre CVE Dictionary Links:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12126
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12127
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12130
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11091
Fixed Version(s) and Release Notes:
vCenter 6.7 U2c
https://my.vmware.com/web/vmware/details?downloadGroup=VC67U2C&productId=742
vCenter 6.7 U2a
https://my.vmware.com/group/vmware/get-download?downloadGroup=VC67U2A
vCenter 6.5 u3
https://my.vmware.com/web/vmware/details?downloadGroup=VC65U3&productId=614
vCenter 6.5 U2g
https://my.vmware.com/group/vmware/get-download?downloadGroup=VC65U2G
vCenter 6.0 U3i
https://my.vmware.com/group/vmware/get-download?downloadGroup=VC60U3I
ESXi 6.7, Patch Release ESXi670-201905001
https://my.vmware.com/group/vmware/patch
https://docs.vmware.com/en/VMware-vSphere/6.7/rn/esxi670-201905001.html
ESXi 6.5, Patch Release ESXi650-201905001
https://my.vmware.com/group/vmware/patch
https://docs.vmware.com/en/VMware-vSphere/6.5/rn/esxi650-201905001.html
ESXi 6.0, Patch Release ESXi600-201905001
https://my.vmware.com/group/vmware/patch
https://docs.vmware.com/en/VMware-vSphere/6.0/rn/esxi600-201905001.html
VMware Workstation 15.1.0
https://www.vmware.com/go/downloadworkstation
https://docs.vmware.com/en/VMware-Workstation-Pro/index.html
VMware Fusion 11.1.0
https://www.vmware.com/go/downloadfusion
https://docs.vmware.com/en/VMware-Fusion/index.html
Workarounds:
https://kb.vmware.com/s/article/52467
https://kb.vmware.com/s/article/52284
https://kb.vmware.com/s/article/52312
https://kb.vmware.com/s/article/52377
https://kb.vmware.com/s/article/52497
Additional Documentation:
https://kb.vmware.com/s/article/67577
https://kb.vmware.com/s/article/68025
https://kb.vmware.com/s/article/68024
5. Change Log:
2019-05-14: Initial security advisory in conjunction with vSphere, Workstation,
and Fusion updates and patches released on 2019-05-14.
2019-08-05: VMSA-2019-0008.1
Updated security advisory with Operating System-Specific Mitigations included
with vCenter Server Appliance 6.7u2c and vCenter Server Appliance 6.5u3.
6. Contact:
E-mail list for product security notifications and announcements: http://
lists.vmware.com/cgi-bin/mailman/listinfo/security-announce
Copyright 2019 VMware Inc. All rights reserved.
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
https://www.auscert.org.au/bulletins/
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBXUjI82aOgq3Tt24GAQj1bA/7BhYDSXvNKRv12Pj0mJSpWOLl81Pz5NFX
Iwc3KOKV6SdkqIc68c+t7vk61dgxqnA7kQZC8pv9007eRu2sGqraEI8a8lEl8XmW
b9vW+jcaCTKIJORZdQTZrQdT4obczZriQYbh/7WAVL1dwS7o87xNHk14oVg8zvmK
qiHraDxMtpLL2VMOfNR+85qVstedeelRGhBSJ0oGoUmcBWKr5RA0Fam5EmYlIWE1
9AUzUgJ6g2CGwuBFSKH8F1kZZscemrpObxsozJadZVpCtTRONhw2t3VdKrlG8iaC
eEx1Cfippqd5yBvhr7Sbe0ESnj3J7TS9GREkdc23b4BsThunDHwvSx4+pv5NQ8hK
n+xxZUeqtaledUC8hTmV8dYCn95D5tRCtvtFxUD6UakvybRiTFs7oxK7gYX0r1Qk
Fk652BcHRibLqwEyIVzbTRO8ON+sMZmk9JvpttuExC30IVHORHP+V5kG0VjGszVO
dcfkn1iuVMmYJV8PYDhqdG+9G3kItrDFvU8+y/KT+OGKN5LMy5hzMPHxKwFkHaAn
XBhrjG8HizbcOJP6+Hx9QiVf4TP4cbj/jXCx0go4exRAyrjRgTdI2hhHBy6j3BJr
aGdOkyMqQW99Y/69lOXw165LivYIm9tPN7egeis7J5KKSbHWeAXNWYHuwl16juBD
p/WB7mPfLkw=
=1bqC
-----END PGP SIGNATURE-----