<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<style type="text/css" style="display:none;"><!-- P {margin-top:0;margin-bottom:0;} --></style>
</head>
<body dir="ltr">
<div id="divtagdefaultwrapper" style="font-size:8pt;color:#000000;font-family:'Courier New',monospace;" dir="ltr">
<div>
----------------------------------------------------------------------<br>
VMware Security Advisory<br>
<br>
Advisory ID: VMSA-2018-0016<br>
Severity: Important<br>
Synopsis: VMware ESXi, Workstation, and Fusion updates address<br>
multiple out-of-bounds read vulnerabilities<br>
Issue date: 2018-06-28<br>
Updated on: 2018-06-28 (Initial Advisory)<br>
CVE number: CVE-2018-6965, CVE-2018-6966, CVE-2018-6967<br>
<br>
<br>
1. Summary<br>
<br>
VMware ESXi, Workstation, and Fusion updates address multiple<br>
out-of-bounds read vulnerabilities.<br>
<br>
2. Relevant Releases<br>
<br>
VMware vSphere ESXi (ESXi)<br>
VMware Workstation Pro / Player (Workstation)<br>
VMware Fusion Pro, Fusion (Fusion)<br>
<br>
3. Problem Description<br>
<br>
ESXi, Workstation, and Fusion multiple out-of-bounds read<br>
vulnerabilities<br>
<br>
VMware ESXi, Workstation and Fusion contain multiple out-of-bounds<br>
read vulnerabilities in the shader translator. Successful<br>
exploitation of these issues may lead to information disclosure or<br>
may allow attackers with normal user privileges to crash their VMs.<br>
<br>
VMware would like to thank RanchoIce of Tencent ZhanluLab<br>
(CVE-2018-6965, CVE-2018-6966, CVE-2018-6967) and a member of Cisco<br>
Talos (CVE-2018-6965) for independently reporting these issues to us.<br>
<br>
The Common Vulnerabilities and Exposures project (cve.mitre.org) has<br>
assigned the identifiers CVE-2018-6965, CVE-2018-6966, and<br>
CVE-2018-6967 to these issues.<br>
<br>
Column 5 of the following table lists the action required to<br>
remediate the vulnerability in each release, if a solution is<br>
available.<br>
<br>
<pre style="margin:0;font-family:inherit;font-size:inherit;">
VMware       Product  Running             Replace with/         Mitigation/
Product      Version  on       Severity   Apply patch           Workaround
===========  =======  =======  =========  ====================  ===========
ESXi         6.7      Any      Important  ESXi670-201806401-BG  None
ESXi         6.5      Any      N/A        not affected          N/A
ESXi         6.0      Any      N/A        not affected          N/A
ESXi         5.5      Any      N/A        not affected          N/A
Workstation  14.x     Any      Important  14.1.2                None
Fusion       10.x     OS X     Important  10.1.2                None
</pre>
<br>
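Added example, not part of VMware's advisory: a Python check that classifies inventory records against the remediation table above. The inventory layout, host names, build suffix and function names are assumptions for illustration; for ESXi only the exact bulletin ID printed in the table is recognised.<br>

```python
import re

# (product, release line) -> remediation, transcribed from the advisory table.
# None means the table marks that release line "not affected".
REMEDIATION = {
    ("esxi", "6.7"): ("patch", "ESXi670-201806401-BG"),
    ("esxi", "6.5"): None,
    ("esxi", "6.0"): None,
    ("esxi", "5.5"): None,
    ("workstation", "14"): ("version", "14.1.2"),
    ("fusion", "10"): ("version", "10.1.2"),
}

# Constructed inventory: (host, product, version, applied ESXi bulletin IDs).
SAMPLE = [
    ("esx-a", "ESXi", "6.7.0", []),
    ("esx-b", "ESXi", "6.7.0", ["ESXi670-201806401-BG"]),
    ("esx-c", "ESXi", "6.5.0", []),
    ("ws-1", "Workstation", "14.1.1 build-1234", []),
    ("mac-1", "Fusion", "11.0.0", []),
]

def parse_version(text):
    """Return the leading dotted-numeric part of a version string as ints."""
    match = re.match(r"\s*(\d+(?:\.\d+)*)", text)
    if match is None:
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(part) for part in match.group(1).split("."))

def assess(product, version, bulletins=()):
    """Return 'update required', 'remediated', 'not affected' or 'not listed'."""
    product = product.strip().lower()
    parts = parse_version(version)
    # ESXi rows are keyed by major.minor; Workstation and Fusion by major only.
    width = 2 if product == "esxi" else 1
    line = ".".join(str(n) for n in parts[:width])
    if (product, line) not in REMEDIATION:
        return "not listed"  # the advisory is silent here; do not assume safe
    fix = REMEDIATION[(product, line)]
    if fix is None:
        return "not affected"
    kind, value = fix
    if kind == "patch":
        # Assumption: only the exact bulletin ID from the table is matched.
        return "remediated" if value in bulletins else "update required"
    return "remediated" if parts >= parse_version(value) else "update required"

def report(inventory=SAMPLE):
    """Classify every inventory record; returns (host, status) pairs."""
    return [(host, assess(prod, ver, bul)) for host, prod, ver, bul in inventory]
```
<br>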
4. Solution<br>
<br>
Please review the patch/release notes for your product and<br>
version and verify the checksum of your downloaded file.<br>
<br>
ESXi 6.7 <br>
-------------<br>
Downloads: <br>
https://my.vmware.com/group/vmware/patch <br>
Documentation: <br>
http://kb.vmware.com/kb/55920<br>
<br>
VMware Workstation Pro 14.1.2<br>
Downloads and Documentation:<br>
https://www.vmware.com/go/downloadworkstation<br>
https://docs.vmware.com/en/VMware-Workstation-Pro/index.html<br>
<br>
VMware Workstation Player 14.1.2 <br>
Downloads and Documentation:<br>
https://www.vmware.com/go/downloadplayer<br>
https://docs.vmware.com/en/VMware-Workstation-Player/index.html <br>
<br>
VMware Fusion Pro / Fusion 10.1.2<br>
Downloads and Documentation: <br>
https://www.vmware.com/go/downloadfusion <br>
https://docs.vmware.com/en/VMware-Fusion/index.html <br>
<br>
<br>
5. References<br>
<br>
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6965<br>
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6966<br>
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6967<br>
http://kb.vmware.com/kb/55920<br>
<br>
-----------------------------------------------------------------------<br>
<br>
6. Change log<br>
<br>
2018-06-28 VMSA-2018-0016<br>
Initial security advisory in conjunction with the release of ESXi<br>
6.7 patches on 2018-06-28<br>
<br>
-----------------------------------------------------------------------<br>
<br>
7. Contact<br>
<br>
E-mail list for product security notifications and announcements:<br>
http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce<br>
<br>
This Security Advisory is posted to the following lists:<br>
<br>
security-announce@lists.vmware.com<br>
bugtraq@securityfocus.com<br>
fulldisclosure@seclists.org<br>
<br>
E-mail: security@vmware.com<br>
PGP key at: https://kb.vmware.com/kb/1055<br>
<br>
VMware Security Advisories<br>
http://www.vmware.com/security/advisories<br>
<br>
VMware Security Response Policy<br>
https://www.vmware.com/support/policies/security_response.html<br>
<br>
VMware Lifecycle Support Phases<br>
https://www.vmware.com/support/policies/lifecycle.html<br>
<br>
VMware Security &amp; Compliance Blog<br>
https://blogs.vmware.com/security<br>
<br>
Twitter<br>
https://twitter.com/VMwareSRC<br>
<br>
Copyright 2018 VMware Inc. All rights reserved.<br>
<br>
<br>
</div>
<br>
</div>
</body>
</html>