Twenty Year Anniversary

VMware Security Advisory 2018-0019

VMware Security Advisory 2018-0019
Posted Aug 7, 2018
Authored by VMware | Site vmware.com

VMware Security Advisory 2018-0019 - Horizon 6, 7, and Horizon Client for Windows updates address an out-of-bounds read vulnerability.

tags | advisory
systems | windows
advisories | CVE-2018-6970
MD5 | b40331424283676a792f9c3b3bfd9373

VMware Security Advisory 2018-0019

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ----------------------------------------------------------------------
VMware Security Advisory

Advisory ID: VMSA-2018-0019
Severity: Important
Synopsis: Horizon 6, 7, and Horizon Client for Windows updates
address an out-of-bounds read vulnerability
Issue date: 2018-08-07
Updated on: 2018-08-07 (Initial Advisory)
CVE number: CVE-2018-6970


1. Summary

Horizon 6, 7, and Horizon Client for Windows updates address an
out-of-bounds read vulnerability

2. Relevant Releases

VMware Horizon 6
VMware Horizon 7
VMware Horizon Client for Windows

3. Problem Description

Horizon 6, 7, and Horizon Client for Windows contain an out-of-
bounds read vulnerability in the Message Framework library.
Successfully exploiting this issue may allow a less-privileged user
to leak information from a privileged process running on a system
where Horizon Connection Server, Horizon Agent or Horizon Client are
installed.

Note: This issue doesnt apply to Horizon 6, 7 Agents installed on
Linux systems or Horizon Clients installed on non-Windows systems.

VMware would like to thank Steven Seeley (mr_me) of Source Incite
working with Trend Micro's Zero Day Initiative for reporting this
issue to us.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the identifier CVE-2018-6970 to this issue.

Column 5 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.

VMware Product Running Replace with/ Mitigation/
Product Version on Severity Apply patch Workaround
=========== ======= ======= ========= ============= ==========
Horizon 7 7.x.x Windows Important 7.5.1 None
Horizon 6 6.x.x Windows Important 6.2.7 None
Horizon Client 4.x.x Windows Important 4.8.1 None
for Windows & prior

4. Solution

Please review the patch/release notes for your product and
version and verify the checksum of your downloaded file.

VMware Horizon 7 version 7.5.1
Downloads and Documentation:
https://my.vmware.com/en/web/vmware/info/slug/
desktop_end_user_computing/vmware_horizon/7_5

VMware Horizon 6 version 6.2.7
Downloads and Documentation:
https://my.vmware.com/group/vmware/info?slug=
desktop_end_user_computing/vmware_horizon/6_2

VMware Horizon Client for Windows 4.8.1
Downloads and Documentation:
https://my.vmware.com/web/vmware/details?productId=
578&downloadGroup=CART19FQ2_WIN_4_8_1


5. References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6970
- -----------------------------------------------------------------------

6. Change log

2018-08-07 VMSA-2018-0019
Initial security advisory in conjunction with the release of VMware
Horizon 6 version 6.2.7 and Horizon Client 4.8.1 on 2018-08-07
- -----------------------------------------------------------------------

7. Contact

E-mail list for product security notifications and announcements:
http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce

This Security Advisory is posted to the following lists:

security-announce at lists.vmware.com
bugtraq at securityfocus.com
fulldisclosure at seclists.org

E-mail: security at vmware.com
PGP key at: https://kb.vmware.com/kb/1055

VMware Security Advisories
http://www.vmware.com/security/advisories

VMware Security Response Policy
https://www.vmware.com/support/policies/security_response.html

VMware Lifecycle Support Phases
https://www.vmware.com/support/policies/lifecycle.html

VMware Security & Compliance Blog
https://blogs.vmware.com/security

Twitter
https://twitter.com/VMwareSRC

Copyright 2018 VMware Inc. All rights reserved.

-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.8.3 (Build 4028)
Charset: utf-8

wj8DBQFbagjVDEcm8Vbi9kMRAqkDAJ0amQwAS/4/EaV+vGVSk1Ape1e1pQCg8BYa
+gHvsQNiDQvJ825BxU16ayE=
=b2UO
-----END PGP SIGNATURE-----

Comments

RSS Feed Subscribe to this comment feed

No comments yet, be the first!

Login or Register to post a comment

File Archive:

November 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    10 Files
  • 2
    Nov 2nd
    15 Files
  • 3
    Nov 3rd
    2 Files
  • 4
    Nov 4th
    2 Files
  • 5
    Nov 5th
    32 Files
  • 6
    Nov 6th
    27 Files
  • 7
    Nov 7th
    8 Files
  • 8
    Nov 8th
    9 Files
  • 9
    Nov 9th
    17 Files
  • 10
    Nov 10th
    2 Files
  • 11
    Nov 11th
    2 Files
  • 12
    Nov 12th
    33 Files
  • 13
    Nov 13th
    29 Files
  • 14
    Nov 14th
    23 Files
  • 15
    Nov 15th
    45 Files
  • 16
    Nov 16th
    11 Files
  • 17
    Nov 17th
    1 Files
  • 18
    Nov 18th
    1 Files
  • 19
    Nov 19th
    3 Files
  • 20
    Nov 20th
    16 Files
  • 21
    Nov 21st
    14 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close