VMSA-2018-0007.1 – VMware Virtual Appliance updates address side-channel analysis due to speculative execution

Greetings from the VMware Security Response Center! We thought we should post an explanation of today’s changes to VMSA-2018-0007 as we have removed CVE-2017-5715 from the advisory. The reason we have done this is to clarify which of these issues have been mitigated against currently known variants of the different vulnerabilities. Because CVE-2017-5753 (Meltdown) is […] More info: https://blogs.vmware.com/security/2018/02/vmsa-2018-0007-1-vmware-virtual-appliance-updates-address-side-channel-analysis-due-speculative-execution.html

DSA-4113 libvorbis – security update

Two vulnerabilities were discovered in the libraries of the Vorbis audio compression codec, which could result in denial of service or the execution of arbitrary code if a malformed media file is processed. More info: https://www.debian.org/security/2018/dsa-4113

DSA-4114 jackson-databind – security update

It was discovered that jackson-databind, a Java library used to parse JSON and other data formats, did not properly validate user input before attempting deserialization. This allowed an attacker to perform code execution by providing maliciously crafted input. More info: https://www.debian.org/security/2018/dsa-4114