Security updates for all these VMware products for the well-known OpenSSL security issues. ... been updated to the OPENSSL library version openssl-0.9.8za where necessary to address CVE-2014-0224, CVE-2014-0198, CVE-2010-5298, and CVE-2014-3470.

Release notes vmware-player: https://www.vmware.com/support/player60/doc/player-603-release-notes.html#knownissues

Reproducible: Always
Workstation 10.0.3 is now in my overlay: https://github.com/gmt/gmt-vmware-overlay/. Enjoy!
Why hasn't this quite important security update hit portage after nearly a month?
For vmware-workstation, simply copying the 10.0.2 ebuild and the vmware-modules 279.2 ebuild worked for me.
I cannot understand why these ebuilds have still not been updated. Renaming the available ebuilds has worked for me. I do not know if my procedure is OK. But since this is also a security problem and nothing has happened after more than 2 months, I have now put security@gentoo.org on the CC list. Please rev bump the affected ebuilds.
For Workstation, this is a non-issue on Gentoo. This update is not needed, because the system openssl library is used. The bundled openssl version is deleted during the install phase. However, this is only true for Workstation. The Player's openssl lib is NOT unbundled:

    # exclude OpenSSL from unbundling until the AES-NI patch gets into the tree
    # see http://forums.gentoo.org/viewtopic-t-835867.html
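
As an added example (not part of the bug thread or of the ebuilds), one way to check whether an installed image still carries a bundled OpenSSL older than the 0.9.8za named above: scan for `libssl`/`libcrypto` files and read the version banner embedded in them. The sample files are constructed, no real VMware install paths are assumed, and only the 0.9.8 branch is assessed because that is the only fixed version the page names.

```python
import re
import tempfile
from pathlib import Path

# Version banner embedded in OpenSSL builds, e.g. b"OpenSSL 0.9.8y 5 Feb 2013".
BANNER = re.compile(rb"OpenSSL (\d+)\.(\d+)\.(\d+)([a-z]*) ")
FIXED_098 = (0, 9, 8, "za")  # fixed 0.9.8 release named on this page


def version_key(major, minor, fix, letters):
    # Patch letters run a..z, then za, zb, ...: compare length before text.
    return (major, minor, fix, len(letters), letters)


def banner_version(path):
    """Return (major, minor, fix, letters) from the first banner, or None."""
    m = BANNER.search(Path(path).read_bytes())
    if not m:
        return None
    return (int(m[1]), int(m[2]), int(m[3]), m[4].decode())


def audit_bundled(root):
    """Map each libssl/libcrypto under root to (version, verdict)."""
    report = {}
    for lib in sorted(Path(root).rglob("lib*.so*")):
        if not lib.is_file() or not lib.name.startswith(("libssl", "libcrypto")):
            continue
        ver = banner_version(lib)
        if ver is None:
            verdict = "no-banner"
        elif ver[:3] != FIXED_098[:3]:
            verdict = "other-branch"  # not assessed: page names only 0.9.8za
        elif version_key(*ver) < version_key(*FIXED_098):
            verdict = "outdated"
        else:
            verdict = "ok"
        report[str(lib.relative_to(root))] = (ver, verdict)
    return report


if __name__ == "__main__":
    # Constructed sample tree standing in for an install image.
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "libssl.so.0.9.8").write_bytes(b"\x7fELF\x00OpenSSL 0.9.8y 5 Feb 2013\x00")
        (root / "libcrypto.so.0.9.8").write_bytes(b"\x7fELF\x00OpenSSL 0.9.8za 5 Jun 2014\x00")
        for name, (ver, verdict) in audit_bundled(root).items():
            print(name, ver, verdict)
```

A result of "outdated" for any file means the package still ships its own vulnerable copy regardless of what the system openssl version is.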
Changing this to a security bug. This is related to the SSL issues that were assigned an A1 for openssl.
*** Bug 524610 has been marked as a duplicate of this bug. ***
All bumped. Mostly untested so far but should be unproblematic.

app-emulation/vmware-player-6.0.3.1895310
app-emulation/vmware-modules-279.3
app-emulation/vmware-workstation-10.0.3.1895310

All affected versions of vmware-player removed
All affected versions of vmware-workstation package.masked (keeping 9 around for users who only have a license for that)

Security please do your thing

(In reply to Andreas K. Hüttel from comment #9)
> All affected versions of vmware-player removed
> All affected versions of vmware-workstation package.masked (keeping 9 around
> for users who only have a license for that)
>
> Security please do your thing

@ security: ping

(In reply to Andreas K. Hüttel from comment #10)
> (In reply to Andreas K. Hüttel from comment #9)
> > All affected versions of vmware-player removed
> > All affected versions of vmware-workstation package.masked (keeping 9 around
> > for users who only have a license for that)
> >
> > Security please do your thing
>
> @ security: ping

Andreas, no GLSA is required here due to the package never having been stabilized. I apologize for the delay.