Assignee: @ Gentoo Security
CC:       @ Gentoo VMWare Bug Squashers
CC:       @ Thomas Deutschmann <whissi@gentoo.org>

Upgrade to version 12.5.5 necessary; all former versions affected; no workaround.

Pre-decessor: Bug 612804  [ https://bugs.gentoo.org/show_bug.cgi?id=612804 ]

Same procedure ... 
Please, don't lose sight of [ https://bugs.gentoo.org/show_bug.cgi?id=612804#c11 ]

Ebuilds needed:
- app-emulation/vmware-modules-308.5.5.ebuild
- app-emulation/vmware-workstation-12.5.5.5234757.ebuild

Download:

[ https://my.vmware.com/en/web/vmware/free#desktop_end_user_computing/vmware_workstation_player/12_0 ]

Release-Notes, including descriptions:

[ http://pubs.vmware.com/Release_Notes/en/workstation/12pro/workstation-1255-release-notes.html ] :

<cite>

What's New

This release of VMware Workstation Pro is a free upgrade for all VMware Workstation 12 Pro users. It contains bug fixes and security updates.
Important Fixes

This release of VMware Workstation Pro addresses the following issues:

    VMware Workstation Pro has a heap buffer overflow and uninitialized stack memory usage in SVGA. These issues might allow a guest virtual machine to execute code on the host.
    The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifiers CVE-2017-4902 (heap issue) and CVE-2017-4903 (stack issue) to these issues.
    The VMware Workstation Pro XHCI driver has uninitialized memory usage. This issue might allow a guest virtual machine to execute code on the host.
    The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifier CVE-2017-4904 to this issue.
    VMware Workstation Pro has uninitialized memory usage. This issue might lead to an information leak.
    The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifier CVE-2017-4905 to this issue.

</cite>


Reproducible: Always