<html xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
        {font-family:"Cambria Math";
        panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
        {font-family:Calibri;
        panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
        {font-family:Menlo;
        panose-1:2 11 6 9 3 8 4 2 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
        {margin:0in;
        margin-bottom:.0001pt;
        font-size:12.0pt;
        font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
        {mso-style-priority:99;
        color:#0563C1;
        text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
        {mso-style-priority:99;
        color:#954F72;
        text-decoration:underline;}
p.MsoPlainText, li.MsoPlainText, div.MsoPlainText
        {mso-style-priority:99;
        mso-style-link:"Plain Text Char";
        margin:0in;
        margin-bottom:.0001pt;
        font-size:10.0pt;
        font-family:Menlo;}
p.msonormal0, li.msonormal0, div.msonormal0
        {mso-style-name:msonormal;
        mso-margin-top-alt:auto;
        margin-right:0in;
        mso-margin-bottom-alt:auto;
        margin-left:0in;
        font-size:11.0pt;
        font-family:"Calibri",sans-serif;}
span.PlainTextChar
        {mso-style-name:"Plain Text Char";
        mso-style-priority:99;
        mso-style-link:"Plain Text";
        font-family:Menlo;}
span.EmailStyle20
        {mso-style-type:personal;
        font-family:Menlo;
        color:windowtext;
        font-weight:normal;
        font-style:normal;
        text-decoration:none none;}
.MsoChpDefault
        {mso-style-type:export-only;
        font-size:10.0pt;
        font-family:"Calibri",sans-serif;}
@page WordSection1
        {size:8.5in 11.0in;
        margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
        {page:WordSection1;}
--></style>
</head>
<body lang="EN-US" link="#0563C1" vlink="#954F72">
<div class="WordSection1">
<p class="MsoPlainText">-----BEGIN PGP SIGNED MESSAGE-----</p>
<p class="MsoPlainText">Hash: SHA1</p>
<p class="MsoPlainText"><o:p>&nbsp;</o:p></p>
<p class="MsoPlainText">- ------------------------------------------------------------------------</p>
<p class="MsoPlainText">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; VMware Security Advisory</p>
<p class="MsoPlainText"><o:p>&nbsp;</o:p></p>
<p class="MsoPlainText">Advisory ID: VMSA-2018-0021</p>
<p class="MsoPlainText">Severity:&nbsp;&nbsp;&nbsp; Moderate</p>
<p class="MsoPlainText">Synopsis:&nbsp;&nbsp;&nbsp; Operating System-Specific Mitigations address L1 Terminal</p>
<p class="MsoPlainText">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Fault - OS vulnerability in VMware Virtual Appliances.</p>
<p class="MsoPlainText">Issue date:&nbsp; 2018-08-14</p>
<p class="MsoPlainText">Updated on:&nbsp; 2018-08-14 (Initial Advisory)</p>
<p class="MsoPlainText">CVE number:&nbsp; CVE-2018-3620</p>
<p class="MsoPlainText"><o:p>&nbsp;</o:p></p>
<p class="MsoPlainText">1. Summary</p>
<p class="MsoPlainText"><o:p>&nbsp;</o:p></p>
<p class="MsoPlainText">&nbsp;&nbsp; Operating System-Specific Mitigations address L1 Terminal Fault - OS</p>
<p class="MsoPlainText">&nbsp;&nbsp; vulnerability in VMware Virtual Appliances.</p>
<p class="MsoPlainText"><o:p>&nbsp;</o:p></p>
<p class="MsoPlainText">&nbsp;&nbsp; The mitigations in this advisory are categorized as Operating System</p>
<p class="MsoPlainText">&nbsp;&nbsp; Specific Mitigations described by VMware Knowledge Base article</p>
<p class="MsoPlainText">&nbsp;&nbsp; 55636.</p>
<p class="MsoPlainText"><o:p>&nbsp;</o:p></p>
<p class="MsoPlainText">2. Relevant Products</p>
<p class="MsoPlainText"><o:p>&nbsp;</o:p></p>
<p class="MsoPlainText">&nbsp;&nbsp; vCloud Usage Meter (UM)</p>
<p class="MsoPlainText">&nbsp;&nbsp; Identity Manager (vIDM)</p>
<p class="MsoPlainText">&nbsp;&nbsp; vCenter Server (vCSA)</p>
<p class="MsoPlainText">&nbsp;&nbsp; vSphere Data Protection (VDP)</p>
<p class="MsoPlainText">&nbsp;&nbsp; vSphere Integrated Containers (VIC)</p>
<p class="MsoPlainText">&nbsp;&nbsp; vRealize Automation (vRA)</p>
<p class="MsoPlainText"><o:p>&nbsp;</o:p></p>
<p class="MsoPlainText">3. Problem Description</p>
<p class="MsoPlainText"><o:p>&nbsp;</o:p></p>
<p class="MsoPlainText">&nbsp;&nbsp; VMware Virtual Appliance Mitigations address L1 Terminal Fault - OS</p>
<p class="MsoPlainText">&nbsp;&nbsp; vulnerability. Successful exploitation of this issue may lead to</p>
<p class="MsoPlainText">&nbsp;&nbsp; local information disclosure of sensitive information. Unaffected</p>
<p class="MsoPlainText">&nbsp;&nbsp; products lines are documented in KB55807.</p>
<p class="MsoPlainText"><o:p>&nbsp;</o:p></p>
<p class="MsoPlainText">&nbsp;&nbsp; The Common Vulnerabilities and Exposures project (cve.mitre.org) has</p>
<p class="MsoPlainText">&nbsp;&nbsp; assigned the identifier CVE-2018-3620 to this issue.</p>
<p class="MsoPlainText"><o:p>&nbsp;</o:p></p>
<p class="MsoPlainText">&nbsp;&nbsp; Column 5 of the following table lists the action required to</p>
<p class="MsoPlainText">&nbsp;&nbsp; remediate the vulnerability in each release, if a solution is</p>
<p class="MsoPlainText">&nbsp;&nbsp; available.</p>
<p class="MsoPlainText"><o:p>&nbsp;</o:p></p>
<p class="MsoPlainText">&nbsp;&nbsp; VMware&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Product&nbsp;&nbsp; Running&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Replace with/&nbsp;&nbsp;&nbsp;&nbsp; Mitigation/</p>
<p class="MsoPlainText">&nbsp;&nbsp; Product&nbsp;&nbsp;&nbsp;&nbsp; Version&nbsp;&nbsp; on&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Severity&nbsp; Apply Patch&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Workaround</p>
<p class="MsoPlainText">&nbsp;&nbsp; =========== ========= ======= ========= ================= ==========</p>
<p class="MsoPlainText">&nbsp;&nbsp; UM &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 3.x&nbsp; VA&nbsp;&nbsp;&nbsp; Moderate&nbsp; Patch Pending&nbsp;&nbsp;&nbsp;&nbsp; KB52467</p>
<p class="MsoPlainText">&nbsp;&nbsp; vIDM&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 3.x,2.x&nbsp;&nbsp;&nbsp; VA&nbsp;&nbsp;&nbsp; Moderate&nbsp; Patch Pending&nbsp;&nbsp;&nbsp;&nbsp; KB52284</p>
<p class="MsoPlainText">&nbsp;&nbsp; vCSA&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 6.7&nbsp; VA&nbsp;&nbsp;&nbsp; Moderate&nbsp; Patch Pending&nbsp;&nbsp;&nbsp;&nbsp; KB52312&nbsp;&nbsp;
</p>
<p class="MsoPlainText">&nbsp;&nbsp;&nbsp;vCSA&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 6.5&nbsp; VA&nbsp;&nbsp;&nbsp; Moderate&nbsp; Patch Pending&nbsp;&nbsp;&nbsp;&nbsp; KB52312</p>
<p class="MsoPlainText">&nbsp;&nbsp; vCSA&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 6.0&nbsp; VA&nbsp;&nbsp;&nbsp; Moderate&nbsp; Patch Pending &nbsp;&nbsp;&nbsp;&nbsp;KB52312</p>
<p class="MsoPlainText">&nbsp;&nbsp; vCSA&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 5.5&nbsp; VA&nbsp;&nbsp;&nbsp; N/A&nbsp;&nbsp; &nbsp;&nbsp; Unaffected&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; N/A</p>
<p class="MsoPlainText">&nbsp;&nbsp; VDP&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 6.x&nbsp; VA&nbsp;&nbsp;&nbsp; Moderate&nbsp; Patch Pending&nbsp;&nbsp;&nbsp;&nbsp; None</p>
<p class="MsoPlainText">&nbsp;&nbsp; VIC&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 1.x&nbsp; VA&nbsp;&nbsp;&nbsp; Moderate&nbsp; Patch Pending&nbsp;&nbsp;&nbsp;&nbsp; None</p>
<p class="MsoPlainText">&nbsp;&nbsp; vRA&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 7.x&nbsp; VA&nbsp;&nbsp;&nbsp; Moderate&nbsp; Patch Pending&nbsp;&nbsp;&nbsp;&nbsp; KB52377</p>
<p class="MsoPlainText">&nbsp;&nbsp; vRA&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 6.x&nbsp; VA&nbsp;&nbsp;&nbsp; Moderate&nbsp; Patch Pending&nbsp;&nbsp;&nbsp;&nbsp; KB52497</p>
<p class="MsoPlainText"><o:p>&nbsp;</o:p></p>
<p class="MsoPlainText">4. Solution</p>
<p class="MsoPlainText"><o:p>&nbsp;</o:p></p>
<p class="MsoPlainText">&nbsp;&nbsp; Pending</p>
<p class="MsoPlainText"><o:p>&nbsp;</o:p></p>
<p class="MsoPlainText">5. References</p>
<p class="MsoPlainText"><o:p>&nbsp;</o:p></p>
<p class="MsoPlainText">&nbsp;&nbsp; https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3620</p>
<p class="MsoPlainText">&nbsp;&nbsp; https://kb.vmware.com/kb/55807</p>
<p class="MsoPlainText">&nbsp;&nbsp; https://kb.vmware.com/kb/55636</p>
<p class="MsoPlainText"><o:p>&nbsp;</o:p></p>
<p class="MsoPlainText">- ------------------------------------------------------------------------</p>
<p class="MsoPlainText"><o:p>&nbsp;</o:p></p>
<p class="MsoPlainText">6. Change log</p>
<p class="MsoPlainText"><o:p>&nbsp;</o:p></p>
<p class="MsoPlainText">&nbsp;&nbsp; 2018-08-14: Initial security advisory.</p>
<p class="MsoPlainText"><o:p>&nbsp;</o:p></p>
<p class="MsoPlainText">- ------------------------------------------------------------------------</p>
<p class="MsoPlainText"><o:p>&nbsp;</o:p></p>
<p class="MsoPlainText">7. Contact</p>
<p class="MsoPlainText"><o:p>&nbsp;</o:p></p>
<p class="MsoPlainText">&nbsp;&nbsp; E-mail list for product security notifications and announcements:</p>
<p class="MsoPlainText">&nbsp;&nbsp; https://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce</p>
<p class="MsoPlainText"><o:p>&nbsp;</o:p></p>
<p class="MsoPlainText">&nbsp;&nbsp; This Security Advisory is posted to the following lists:</p>
<p class="MsoPlainText"><o:p>&nbsp;</o:p></p>
<p class="MsoPlainText">&nbsp;&nbsp;&nbsp; security-announce@lists.vmware.com</p>
<p class="MsoPlainText">&nbsp;&nbsp;&nbsp; bugtraq@securityfocus.com</p>
<p class="MsoPlainText">&nbsp;&nbsp;&nbsp; fulldisclosure@seclists.org</p>
<p class="MsoPlainText"><o:p>&nbsp;</o:p></p>
<p class="MsoPlainText">&nbsp;&nbsp; E-mail: security at vmware.com</p>
<p class="MsoPlainText">&nbsp;&nbsp; PGP key at: https://kb.vmware.com/kb/1055</p>
<p class="MsoPlainText"><o:p>&nbsp;</o:p></p>
<p class="MsoPlainText">&nbsp;&nbsp; VMware Security Advisories</p>
<p class="MsoPlainText">&nbsp;&nbsp; https://www.vmware.com/security/advisories</p>
<p class="MsoPlainText"><o:p>&nbsp;</o:p></p>
<p class="MsoPlainText">&nbsp;&nbsp; VMware Security Response Policy</p>
<p class="MsoPlainText">&nbsp;&nbsp; https://www.vmware.com/support/policies/security_response.html</p>
<p class="MsoPlainText"><o:p>&nbsp;</o:p></p>
<p class="MsoPlainText">&nbsp;&nbsp; VMware Lifecycle Support Phases</p>
<p class="MsoPlainText">&nbsp;&nbsp; https://www.vmware.com/support/policies/lifecycle.html</p>
<p class="MsoPlainText"><o:p>&nbsp;</o:p></p>
<p class="MsoPlainText">&nbsp;&nbsp; VMware Security &amp; Compliance Blog&nbsp;&nbsp; </p>
<p class="MsoPlainText">&nbsp;&nbsp;&nbsp;https://blogs.vmware.com/security</p>
<p class="MsoPlainText"><o:p>&nbsp;</o:p></p>
<p class="MsoPlainText">&nbsp;&nbsp; Twitter</p>
<p class="MsoPlainText">&nbsp;&nbsp; https://twitter.com/VMwareSRC</p>
<p class="MsoPlainText"><o:p>&nbsp;</o:p></p>
<p class="MsoPlainText">&nbsp;&nbsp; Copyright 2018 VMware Inc. All rights reserved.</p>
<p class="MsoPlainText">-----BEGIN PGP SIGNATURE-----</p>
<p class="MsoPlainText"><o:p>&nbsp;</o:p></p>
<p class="MsoPlainText">iF0EARECAB0WIQSmJMaUX5&#43;xuU/DnNwMRybxVuL2QwUCW3IF9AAKCRAMRybxVuL2</p>
<p class="MsoPlainText">QyVHAKDqyLm51zUbgGo6hkzd&#43;kjrSsZNagCfc&#43;HDDGmhA4VvtSvyjt68R1lZ0M0=</p>
<p class="MsoPlainText">=l7vK</p>
<p class="MsoPlainText">-----END PGP SIGNATURE-----</p>
</div>
</body>
</html>