Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 637922 - [vmware] app-emulation/vmware-{workstation, player}-12.5.8 version bump [VMSA-2017-0018] multiple security vulnerabilities
Summary: [vmware] app-emulation/vmware-{workstation, player}-12.5.8 version bump [VMSA...
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Overlays (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo VMWare Bug Squashers [disabled]
URL:
Whiteboard:
Keywords: InOverlay
Depends on:
Blocks:
 
Reported: 2017-11-17 10:00 UTC by Manfred Knick
Modified: 2017-11-19 20:40 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments
vmware-workstation-12.5.8.7098237.ebuild (vmware-workstation-12.5.8.7098237.ebuild,16.92 KB, text/plain)
2017-11-17 11:15 UTC, Manfred Knick
Details
vmware-modules-308.5.8.ebuild (vmware-modules-308.5.8.ebuild,5.94 KB, text/plain)
2017-11-17 11:17 UTC, Manfred Knick
Details

Note You need to log in before you can comment on or make changes to this bug.
Description Manfred Knick 2017-11-17 10:00:48 UTC
Please, ASSIGN to:   security@gentoo.org
========================================

                               VMware Security Advisory

Advisory ID: VMSA-2017-0018
Severity:    Critical
Synopsis:    VMware Workstation, Fusion and Horizon View Client updates
             resolve multiple security vulnerabilities
Issue date:  2017-11-16
Updated on:  2017-11-16 (Initial Advisory)
CVE number:  CVE-2017-4934, CVE-2017-4935, CVE-2017-4936,
             CVE-2017-4937, CVE-2017-4938

1. Summary

   VMware Workstation, Fusion and Horizon View Client updates resolve
   multiple security vulnerabilities

2. Relevant Products

   VMware Workstation Pro / Player (Workstation)
   VMware Fusion Pro / Fusion (Fusion)
Comment 1 Manfred Knick 2017-11-17 11:04:00 UTC
     Workstation :   7098237

     Modules :   308.5.8

     Tools :   still stay @ version 5214329


CONFIRMATION:

     Copy-renaming vmware-{workstation, modules} WORKSFORME .
Comment 2 Manfred Knick 2017-11-17 11:15:03 UTC
Created attachment 504554 [details]
vmware-workstation-12.5.8.7098237.ebuild

/usr/local/portage/local-overlay/
       app-emulation/vmware-workstation/vmware-workstation-12.5.8.7098237.ebuild
Comment 3 Manfred Knick 2017-11-17 11:17:11 UTC
Created attachment 504556 [details]
vmware-modules-308.5.8.ebuild

/usr/local/portage/local-overlay/
       app-emulation/vmware-modules/vmware-modules-308.5.8.ebuild
Comment 4 Manfred Knick 2017-11-17 11:25:55 UTC
==========================================
! EOL notice for Vmware-workstation-12.* :
==========================================

     END OF GENERAL SUPPORT:     2018 / 02 / 25

     END OF TECHNICAL GUIDANCE:        N.A.

https://www.vmware.com/content/dam/digitalmarketing/vmware/en/pdf/support/product-lifecycle-matrix.pdf

( as already supplied in https://bugs.gentoo.org/634770#c14 )


=============================================
! current version : Vmware-workstation-14.0 :
=============================================

REFERENCE:

Bug 634770 - app-emulation/vmware-workstation-14.0.0 version bump
Comment 5 Manfred Knick 2017-11-17 14:14:25 UTC
Please, c.f.

    Attachment #504564 [details] to bug 634770 

    /usr/local/portage/local-overlay/app-emulation.tar

    https://bugs.gentoo.org/634770#c42
Comment 6 Manfred Knick 2017-11-17 17:07:57 UTC
REFERENCE:

Corresponding upgrade needed (c.f. comment 1) :

Bug 637948 - app-emulation/vmware-modules-308.5.8 version bump 
             [VMSA-2017-0018] multiple security vulnerabilities
Comment 7 Manfred Knick 2017-11-17 19:27:28 UTC
UPDATED:  ".1"

[Security-announce] Updated VMSA-2017-0018.1 - 
                    VMware Workstation, Fusion and Horizon View Client updates 
                    resolve multiple security vulnerabilities
Comment 8 Thomas Deutschmann gentoo-dev Security 2017-11-19 18:38:19 UTC
VMware was removed from Gentoo repository, therefore we don't track security vulnerabilities anymore.

Re-assigning to overlay.