[Security-announce] VMSA-2018-0020 VMware vSphere, Workstation, and Fusion updates enable Hypervisor-Specific Mitigations for L1 Terminal Fault - VMM vulnerability.
[Security-announce] New VMSA-2018-0022 - VMware Workstation and Fusion updates address an out-of-bounds write issue

Both require update of
    Workstation 14.x Any Critical 14.1.3
to VMware-Workstation-Full-14.1.3-9474260.x86_64.bundle

VMware Workstation 14.1.3 Pro Release Notes:
https://docs.vmware.com/en/VMware-Workstation-Pro/14/rn/workstation-1413-release-notes.html

Predecessor: Bug 644946 ... vmware-workstation-14.1.2 version bump ...
New ebuild names:
    vmware-workstation-14.1.3.9474260.ebuild
    vmware-modules-329.1.3.ebuild

VMWARE_FUSION_VER="10.1.3_9472307" :
VMware Fusion 10.1.3 Release Notes:
https://docs.vmware.com/en/VMware-Fusion/10/rn/fusion-1013-release-notes.html?src=vmw_so_vex_akjaer_1025

vmware-tools: atm, still pointing (link) to former 10.2.5-8068393 :
http://softwareupdate.vmware.com/cds/vmw-desktop/
http://softwareupdate.vmware.com/cds/vmw-desktop/ws/14.1.3/9474260/linux/packages/vmware-tools-linux-10.2.5-8068393.x86_64.component.tar
(In reply to Manfred Knick from comment #0)
> Predecessor: Bug 644946
> ... vmware-workstation-14.1.2 version bump ...

ATM, I'm successfully running
    [IP-] [ ] sys-kernel/gentoo-sources-4.17.14:4.17.14
together with
    [IP-] [ ] sys-firmware/nvidia-firmware-340.32:0
    [IP-] [ ] x11-drivers/nvidia-drivers-396.51:0/396

http://rglinuxtech.com/?p=2381 :
"Kernel – 4.18 Finally Released – OK with latest NVIDIA, and Patched VMware"
"As expected, after changes in -rc7, the latest NVIDIA and (patched) VMware all compile/load OK.. Tested with VMware 14.1.2 with the vmmon patch, and NVIDIA 390.77 and 396.51."
(In reply to Manfred Knick from comment #2)
> Tested with VMware 14.1.2 with the vmmon patch,

http://rglinuxtech.com/?p=2322
pointing to
https://github.com/mkubecek/vmware-host-modules/commit/3f2a6c720f68 :

vmmon: compatibility with eventpoll switch to poll_mask()

Since commit 11c5ad0ec441 ("eventpoll: switch to ->poll_mask") in v4.18-rc1, eventpoll switched from ->poll() to ->poll_mask(). Rather than calling the callback directly (which would result in null pointer dereference), use vfs_poll() wrapper. As this wrapper is only available since 4.18-rc1 cycle as well, provide a copy to use when building against older kernels.
Arch Linux User Repository: Package Details: vmware-workstation 14.1.3-1 https://aur.archlinux.org/packages/vmware-workstation/
VMware Tools :
https://docs.vmware.com/de/VMware-Tools/
https://docs.vmware.com/de/VMware-Tools/10.3/rn/vmware-tools-1030-release-notes.html
https://packages.vmware.com/tools/releases/index.html
app-emulation/vmware-workstation-14.1.3.9474260 and app-emulation/vmware-modules-329.1.3 are available in my overlay: https://github.com/stefantalpalaru/gentoo-overlay
(In reply to Ștefan Talpalaru from comment #6)

CONFIRMATION: quick test --> WORKSFORME

Thanks to Stefan for a very quick update!
(In reply to Manfred Knick from comment #3)
> (In reply to Manfred Knick from comment #2)
>
> > Tested with VMware 14.1.2 with the vmmon patch,
>
> http://rglinuxtech.com/?p=2322
>
> pointing to
>
> https://github.com/mkubecek/vmware-host-modules/commit/3f2a6c720f68 :
>
> vmmon: compatibility with eventpoll switch to poll_mask()
>
> Since commit 11c5ad0ec441 ("eventpoll: switch to ->poll_mask") in
> v4.18-rc1, eventpoll switched from ->poll() to ->poll_mask(). Rather than
> calling the callback directly (which would result in null pointer
> dereference), use vfs_poll() wrapper. As this wrapper is only available
> since 4.18-rc1 cycle as well, provide a copy to use when building against
> older kernels.

Thanks to mkubecek for pointing out the problem! I wanna just say that the patch will probably be needed with stable 4.19 because with current 4.18.0 the offending kernel commit is not included yet.
-------- Forwarded Message --------
Subject: [Security-announce] Updated VMSA-2018-0017.3 - VMware Tools update addresses an out-of-bounds read vulnerability
Date: Fri, 7 Sep 2018 01:20:27 +0000
From: VMware Security Announcements <security-announce@lists.vmware.com>
Reply-To: security@vmware.com
To: security-announce@vmware.com <security-announce@vmware.com>

VMSA-2018-0017.3 2018-09-06
VMware Tools 10.3.0 is discontinued because of a functional issue with 10.3.0 in ESXi 6.5, please refer to KB55796 for more information.

_______________________________________________
Security-announce mailing list
Security-announce@lists.vmware.com
https://lists.vmware.com/mailman/listinfo/security-announce
Correct KB article: [ https://kb.vmware.com/s/article/57796 ] ONLY vSphere ESXi 6.5 hosts are affected; not our vmware-workstation ebuild.
(In reply to Manfred Knick from comment #10)
> [ https://kb.vmware.com/s/article/57796 ]

UPDATE:
"... VMware recommends upgrading to VMware Tools 10.3.2 ..." <--- !
"VMware Tools 10.3.2 is available from the VMware Downloads page."
pointing to

Download VMware Tools 10.3.2
Release date 2018-09-12
https://my.vmware.com/de/web/vmware/details?downloadGroup=VMTOOLS1032&productId=742

VMware Tools 10.3.2 Release Notes
Last updated 12.09.2018
https://docs.vmware.com/en/VMware-Tools/10.3/rn/vmware-tools-1032-release-notes.html

This contains the following REMINDER for FreeBSD:

Compatibility Notes
Starting with VMware Tools version 10.2.0, Perl script-based VMware Tools installation for FreeBSD has been discontinued. FreeBSD systems are supported only through the open-vm-tools packages directly available from FreeBSD package repositories. FreeBSD packages for open-vm-tools 10.1.0 and later are available from FreeBSD package repositories.

@ Stefan: In future versions, please, invalidate USE="vmware-tools-freebsd". Thanks in advance!

CONFIRMATION: After applying M$ September updates and installing Tools from downloaded / mounted ISO, first tests with { 7 | 8.1 | 10 (17134–1803) } succeeded.
(In reply to Ștefan Talpalaru from comment #6)
> app-emulation/vmware-workstation-14.1.3.9474260 and
> app-emulation/vmware-modules-329.1.3 are available in my overlay:
> https://github.com/stefantalpalaru/gentoo-overlay

FYI your ebuilds work out of the box for me for:
VMware-Workstation-Full-15.0.0-10134415.x86_64.bundle

Thanks!
Thanks for the heads-up, Cameron. vmware-workstation-15.0.0.10134415 and vmware-modules-330.0.0 are now available in my overlay. Manfred, I removed the FreeBSD guest tools.
VMware Security Advisory

Advisory ID: VMSA-2018-0027
Severity: Critical
Synopsis: VMware ESXi, Workstation, and Fusion updates address uninitialized stack memory usage
Issue date: 2018-11-09
Updated on: 2018-11-09 (Initial Advisory)
CVE number: CVE-2018-6981, CVE-2018-6982

:: Workstation 14.x Any Critical 14.1.4

@ Stefan: 14.x Licenses keep being valid until 2019 / 03 / 26 . Could you please consider re-providing vmware-workstation-14.1.4 as well as vmware-modules-329.1.4 in your overlay until then?

Thanks
Kind regards
Manfred
(In reply to Cameron from comment #12) (In reply to Ștefan Talpalaru from comment #13) |--> Bug 671218 - [vmware overlay] app-emulation/vmware-workstation-15.0 version bump
# /usr/portage/profiles/package.mask:

# Pacho Ramos <pacho@gentoo.org> (11 Nov 2018)
# Dead for years (#425156) with security issues (#534540).
# Removal in a month.
=x11-libs/gksu-2.0.2-r2
=x11-libs/libgksu-2.0.12-r4

Bug 425156 - x11-libs/gksu: replace with pkexec in application launchers
Bug 534540 - x11-libs/gksu: Improper sanitization of user-supplied input (CVE-2014-2886)

References of 'gksu' in vmware-workstation-14.1.3.9474260.ebuild :
    line 196: RDEPEND x11-libs/gksu
    line 462 ff: esp. 464 # create symlinks for the various tools
    line 471 ff: esp. 475 # fix permissions
    line 504 ff: esp. 510 /etc/vmware/config

@ Stefan: I get the impression that only elements provided by the package itself are being used:

# cd /opt/vmware && ls -h -AlgR | grep gksu
vmware-gksu
gksu-run-helper
libvmware-gksu.so

Removing the RDEPEND_ency in the ebuild, <----------
un-merging both gksu and libgksu,
- workstation still starts and works VMs;
- Edit -> Virtual Network Editor as well as
- Help -> Enter Serial number
ask for root password and open up correctly.
I brought back VMware Workstation 14 with vmware-workstation-14.1.4.10722678 and vmware-modules-329.1.4 .
[Security-announce] VMSA-2018-0030
"VMware Workstation and Fusion updates address an integer overflow issue"

VMware       Product   Running             Replace with/   Mitigation/
Product      Version   on       Severity   Apply patch     Workaround
==========   =======   ======   ========   =============   ===========
Workstation  14.x      Any      Critical   14.1.5          None

[ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6983 ]
version bumped
Very unfortunately,
. . . [vmware-overlay] had to be closed down and was removed from overlays/repositories.xml:
. . . Bug 627666 - vmware: no reply to project status mail
. . . [ https://bugs.gentoo.org/627666#c8 ]

Currently up-to-date and perfectly working versions of vmware-workstation: c.f.
- Bug 663670 and
- Bug 671218

HINT concerning vmware-player:
- just install above;
- vmware-player will be included :-)

ATM, further maintenance is continued in (experimental) [ stefantalpalaru ] overlay.
EOL https://www.vmware.com/content/dam/digitalmarketing/vmware/en/pdf/support/product-lifecycle-matrix.pdf