-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ---------------------------------------------------------------------- VMware Security Advisory Advisory ID: VMSA-2018-0019 Severity: Important Synopsis: Horizon 6, 7, and Horizon Client for Windows updates address an out-of-bounds read vulnerability Issue date: 2018-08-07 Updated on: 2018-08-07 (Initial Advisory) CVE number: CVE-2018-6970 1. Summary Horizon 6, 7, and Horizon Client for Windows updates address an out-of-bounds read vulnerability 2. Relevant Releases VMware Horizon 6 VMware Horizon 7 VMware Horizon Client for Windows 3. Problem Description Horizon 6, 7, and Horizon Client for Windows contain an out-of- bounds read vulnerability in the Message Framework library. Successfully exploiting this issue may allow a less-privileged user to leak information from a privileged process running on a system where Horizon Connection Server, Horizon Agent or Horizon Client are installed. Note: This issue doesnt apply to Horizon 6, 7 Agents installed on Linux systems or Horizon Clients installed on non-Windows systems. VMware would like to thank Steven Seeley (mr_me) of Source Incite working with Trend Micro's Zero Day Initiative for reporting this issue to us. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifier CVE-2018-6970 to this issue. Column 5 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available. VMware Product Running Replace with/ Mitigation/ Product Version on Severity Apply patch Workaround =========== ======= ======= ========= ============= ========== Horizon 7 7.x.x Windows Important 7.5.1 None Horizon 6 6.x.x Windows Important 6.2.7 None Horizon Client 4.x.x Windows Important 4.8.1 None for Windows & prior 4. Solution Please review the patch/release notes for your product and version and verify the checksum of your downloaded file. VMware Horizon 7 version 7.5.1 Downloads and Documentation: https://my.vmware.com/en/web/vmware/info/slug/ desktop_end_user_computing/vmware_horizon/7_5 VMware Horizon 6 version 6.2.7 Downloads and Documentation: https://my.vmware.com/group/vmware/info?slug= desktop_end_user_computing/vmware_horizon/6_2 VMware Horizon Client for Windows 4.8.1 Downloads and Documentation: https://my.vmware.com/web/vmware/details?productId= 578&downloadGroup=CART19FQ2_WIN_4_8_1 5. References https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6970 - ----------------------------------------------------------------------- 6. Change log 2018-08-07 VMSA-2018-0019 Initial security advisory in conjunction with the release of VMware Horizon 6 version 6.2.7 and Horizon Client 4.8.1 on 2018-08-07 - ----------------------------------------------------------------------- 7. Contact E-mail list for product security notifications and announcements: http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce This Security Advisory is posted to the following lists: security-announce at lists.vmware.com bugtraq at securityfocus.com fulldisclosure at seclists.org E-mail: security at vmware.com PGP key at: https://kb.vmware.com/kb/1055 VMware Security Advisories http://www.vmware.com/security/advisories VMware Security Response Policy https://www.vmware.com/support/policies/security_response.html VMware Lifecycle Support Phases https://www.vmware.com/support/policies/lifecycle.html VMware Security & Compliance Blog https://blogs.vmware.com/security Twitter https://twitter.com/VMwareSRC Copyright 2018 VMware Inc. All rights reserved. -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.8.3 (Build 4028) Charset: utf-8 wj8DBQFbagjVDEcm8Vbi9kMRAqkDAJ0amQwAS/4/EaV+vGVSk1Ape1e1pQCg8BYa +gHvsQNiDQvJ825BxU16ayE= =b2UO -----END PGP SIGNATURE-----