New VMware Security Advisories VMSA-2017-0018 and VMSA-2017-0019
VMware released VMSA-2017-0018 and VMSA-2017-0019.
VMSA-2017-0018 – VMware Workstation, Fusion, and Horizon View Client updates resolve multiple security vulnerabilities
This documents critical and moderate severity vulnerabilities affecting VMware Horizon View Client for Windows 4.x, Workstation 12.x and Fusion 8.x.
Issue (a) is a heap-based buffer overflow vulnerability (CVE-2017-4934) which affects VMware Workstation and Fusion and may allow a guest to execute code on the host. This issue has been addressed in VMware Workstation 12.5.8 and Fusion 8.5.9.
Issues (b) and (c) are out-of-bounds read/write vulnerabilities (CVE-2017-4935, CVE-2017-4936 and CVE-2017-4937) in JPEG2000 parser in the TPView.dll. These issues exist due the use of vulnerable Cortado ThinPrint component and impact VMware Horizon View Client for Windows and Workstation. Exploitation is possible only if virtual printing has been enabled. This feature is not enabled by default on Workstation but it is enabled by default on Horizon View. These issues have been addressed in VMware Workstation 12.5.8 and Horizon View Client for Windows 4.6.1.
Read the entire article here, New VMware Security Advisories VMSA-2017-0018 and VMSA-2017-0019 – VMware Security & Compliance Blog
Via the fine folks at VMware!