Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 637922 - [vmware] app-emulation/vmware-{workstation, player}-12.5.8 version bump [VMSA-2017-0018] multiple security vulnerabilities
Summary: [vmware] app-emulation/vmware-{workstation, player}-12.5.8 version bump [VMSA...
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Overlays (show other bugs)
Hardware: All Linux
: Normal normal
Assignee: Gentoo VMWare Bug Squashers [disabled]
URL:
Whiteboard:
Keywords: InOverlay
Depends on:
Blocks:
 
Reported: 2017-11-17 10:00 UTC by Manfred Knick
Modified: 2017-11-19 20:40 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
vmware-workstation-12.5.8.7098237.ebuild (vmware-workstation-12.5.8.7098237.ebuild,16.92 KB, text/plain)
2017-11-17 11:15 UTC, Manfred Knick 		Details
vmware-modules-308.5.8.ebuild (vmware-modules-308.5.8.ebuild,5.94 KB, text/plain)
2017-11-17 11:17 UTC, Manfred Knick 		Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Manfred Knick 2017-11-17 10:00:48 UTC 
Please, ASSIGN to:   security@gentoo.org
========================================

                               VMware Security Advisory

Advisory ID: VMSA-2017-0018
Severity:    Critical
Synopsis:    VMware Workstation, Fusion and Horizon View Client updates
             resolve multiple security vulnerabilities
Issue date:  2017-11-16
Updated on:  2017-11-16 (Initial Advisory)
CVE number:  CVE-2017-4934, CVE-2017-4935, CVE-2017-4936,
             CVE-2017-4937, CVE-2017-4938

1. Summary

   VMware Workstation, Fusion and Horizon View Client updates resolve
   multiple security vulnerabilities

2. Relevant Products

   VMware Workstation Pro / Player (Workstation)
   VMware Fusion Pro / Fusion (Fusion)
Comment 1 Manfred Knick 2017-11-17 11:04:00 UTC 
     Workstation :   7098237

     Modules :   308.5.8

     Tools :   still stay @ version 5214329


CONFIRMATION:

     Copy-renaming vmware-{workstation, modules} WORKSFORME .
Comment 2 Manfred Knick 2017-11-17 11:15:03 UTC 
Created attachment 504554 [details]
vmware-workstation-12.5.8.7098237.ebuild

/usr/local/portage/local-overlay/
       app-emulation/vmware-workstation/vmware-workstation-12.5.8.7098237.ebuild
Comment 3 Manfred Knick 2017-11-17 11:17:11 UTC 
Created attachment 504556 [details]
vmware-modules-308.5.8.ebuild

/usr/local/portage/local-overlay/
       app-emulation/vmware-modules/vmware-modules-308.5.8.ebuild
Comment 4 Manfred Knick 2017-11-17 11:25:55 UTC 
==========================================
! EOL notice for Vmware-workstation-12.* :
==========================================

     END OF GENERAL SUPPORT:     2018 / 02 / 25

     END OF TECHNICAL GUIDANCE:        N.A.

https://www.vmware.com/content/dam/digitalmarketing/vmware/en/pdf/support/product-lifecycle-matrix.pdf

( as already supplied in https://bugs.gentoo.org/634770#c14 )


=============================================
! current version : Vmware-workstation-14.0 :
=============================================

REFERENCE:

Bug 634770 - app-emulation/vmware-workstation-14.0.0 version bump
Comment 5 Manfred Knick 2017-11-17 14:14:25 UTC 
Please, c.f.

    Attachment #504564 [details] to bug 634770 

    /usr/local/portage/local-overlay/app-emulation.tar

    https://bugs.gentoo.org/634770#c42
Comment 6 Manfred Knick 2017-11-17 17:07:57 UTC 
REFERENCE:

Corresponding upgrade needed (c.f. comment 1) :

Bug 637948 - app-emulation/vmware-modules-308.5.8 version bump 
             [VMSA-2017-0018] multiple security vulnerabilities
Comment 7 Manfred Knick 2017-11-17 19:27:28 UTC 
UPDATED:  ".1"

[Security-announce] Updated VMSA-2017-0018.1 - 
                    VMware Workstation, Fusion and Horizon View Client updates 
                    resolve multiple security vulnerabilities
Comment 8 Thomas Deutschmann (RETIRED) gentoo-dev 2017-11-19 18:38:19 UTC 
VMware was removed from Gentoo repository, therefore we don't track security vulnerabilities anymore.

Re-assigning to overlay.