Bug 637922

Summary:	[vmware] app-emulation/vmware-{workstation, player}-12.5.8 version bump [VMSA-2017-0018] multiple security vulnerabilities
Product:	Gentoo Linux	Reporter:	Manfred Knick <Manfred.Knick>
Component:	Overlays	Assignee:	Gentoo VMWare Bug Squashers [disabled] <vmware+disabled>
Status:	RESOLVED FIXED
Severity:	normal	CC:	whissi
Priority:	Normal	Keywords:	InOverlay
Version:	unspecified
Hardware:	All
OS:	Linux
Whiteboard:
Package list:		Runtime testing required:	---
Attachments:	vmware-workstation-12.5.8.7098237.ebuild vmware-modules-308.5.8.ebuild

Description Manfred Knick 2017-11-17 10:00:48 UTC

Please, ASSIGN to:   security@gentoo.org
========================================

                               VMware Security Advisory

Advisory ID: VMSA-2017-0018
Severity:    Critical
Synopsis:    VMware Workstation, Fusion and Horizon View Client updates
             resolve multiple security vulnerabilities
Issue date:  2017-11-16
Updated on:  2017-11-16 (Initial Advisory)
CVE number:  CVE-2017-4934, CVE-2017-4935, CVE-2017-4936,
             CVE-2017-4937, CVE-2017-4938

1. Summary

   VMware Workstation, Fusion and Horizon View Client updates resolve
   multiple security vulnerabilities

2. Relevant Products

   VMware Workstation Pro / Player (Workstation)
   VMware Fusion Pro / Fusion (Fusion)

Comment 1 Manfred Knick 2017-11-17 11:04:00 UTC

     Workstation :   7098237

     Modules :   308.5.8

     Tools :   still stay @ version 5214329


CONFIRMATION:

     Copy-renaming vmware-{workstation, modules} WORKSFORME .

Comment 2 Manfred Knick 2017-11-17 11:15:03 UTC

Created attachment 504554 [details]
vmware-workstation-12.5.8.7098237.ebuild

/usr/local/portage/local-overlay/
       app-emulation/vmware-workstation/vmware-workstation-12.5.8.7098237.ebuild

Comment 3 Manfred Knick 2017-11-17 11:17:11 UTC

Created attachment 504556 [details]
vmware-modules-308.5.8.ebuild

/usr/local/portage/local-overlay/
       app-emulation/vmware-modules/vmware-modules-308.5.8.ebuild

Comment 4 Manfred Knick 2017-11-17 11:25:55 UTC

==========================================
! EOL notice for Vmware-workstation-12.* :
==========================================

     END OF GENERAL SUPPORT:     2018 / 02 / 25

     END OF TECHNICAL GUIDANCE:        N.A.

https://www.vmware.com/content/dam/digitalmarketing/vmware/en/pdf/support/product-lifecycle-matrix.pdf

( as already supplied in https://bugs.gentoo.org/634770#c14 )


=============================================
! current version : Vmware-workstation-14.0 :
=============================================

REFERENCE:

Bug 634770 - app-emulation/vmware-workstation-14.0.0 version bump

Comment 5 Manfred Knick 2017-11-17 14:14:25 UTC

Please, c.f.

    Attachment #504564 [details] to bug 634770 

    /usr/local/portage/local-overlay/app-emulation.tar

    https://bugs.gentoo.org/634770#c42

Comment 6 Manfred Knick 2017-11-17 17:07:57 UTC

REFERENCE:

Corresponding upgrade needed (c.f. comment 1) :

Bug 637948 - app-emulation/vmware-modules-308.5.8 version bump 
             [VMSA-2017-0018] multiple security vulnerabilities

Comment 7 Manfred Knick 2017-11-17 19:27:28 UTC

UPDATED:  ".1"

[Security-announce] Updated VMSA-2017-0018.1 - 
                    VMware Workstation, Fusion and Horizon View Client updates 
                    resolve multiple security vulnerabilities

Comment 8 Thomas Deutschmann (RETIRED) gentoo-dev

2017-11-19 18:38:19 UTC

VMware was removed from Gentoo repository, therefore we don't track security vulnerabilities anymore.

Re-assigning to overlay.

Comment 9 Thomas Deutschmann (RETIRED) gentoo-dev

2017-11-19 20:40:15 UTC

Fixed via https://gitweb.gentoo.org/proj/vmware.git/commit/?id=d6a56e2e13ccccece7cf7c054e7c3050d1309129