[Security-announce] Updated VMSA-2017-0018.1 – VMware Workstation, Fusion and Horizon View Client updates resolve multiple security vulnerabilities

\n\n–===============4772344358796212726==
Content-Language: en-US
Content-Type: multipart/alternative;
boundary=”_000_BY2PR0501MB1686127302F29B774E334192B92F0BY2PR0501MB1686_”

–_000_BY2PR0501MB1686127302F29B774E334192B92F0BY2PR0501MB1686_
Content-Type: text/plain; charset=”iso-8859-1″
Content-Transfer-Encoding: quoted-printable

—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA1

– ———————————————————————–

VMware Security Advisory

Advisory ID: VMSA-2017-0018.1
Severity: Critical
Synopsis: VMware Workstation, Fusion and Horizon View Client updates
resolve multiple security vulnerabilities
Issue date: 2017-11-16
Updated on: 2017-11-17
CVE number: CVE-2017-4934, CVE-2017-4935, CVE-2017-4936,
CVE-2017-4937, CVE-2017-4938, CVE-2017-4939

1. Summary

VMware Workstation, Fusion and Horizon View Client updates resolve
multiple security vulnerabilities

2. Relevant Products

VMware Workstation Pro / Player (Workstation)
VMware Fusion Pro / Fusion (Fusion)

3. Problem Description

a. Heap buffer-overflow vulnerability in VMNAT device

VMware Workstation and Fusion contain a heap buffer-overflow
vulnerability in VMNAT device. This issue may allow a guest to
execute code on the host.

VMware would like to thank Jun Mao of Tencent PC Manager working
with ZDI for reporting this issue to us.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the identifier CVE-2017-4934 to this issue.

Column 5 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.

VMware Product Running Replace with/ Mitigation
Product Version on Severity Apply patch Workaround
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D =3D=3D=3D=3D=3D=3D=3D =3D=3D=
=3D=3D=3D=3D=3D =3D=3D=3D=3D=3D=3D=3D=3D =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
Workstation 14.x Any N/A Not affected N/A
Workstation 12.x Any Critical 12.5.8 None
Fusion 10.x OS X N/A Not affected N/A
Fusion 8.x OS X Critical 8.5.9 None

b. Out-of-bounds write via Cortado ThinPrint

VMware Workstation and Horizon View Client contain an out-of-bounds
write vulnerability in JPEG2000 parser in the TPView.dll.

On Workstation, this may allow a guest to execute code or perform a
Denial of Service on the Windows OS that runs Workstation. In the
case of a Horizon View Client, this may allow a View desktop to
execute code or perform a Denial of Service on the Windows OS that
runs the Horizon View Client.

Exploitation is only possible if virtual printing has been enabled.
This feature is not enabled by default on Workstation but it is
enabled by default on Horizon View Client.

VMware would like to thank Anonymous working with ZDI for reporting
this issue to us.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the identifier CVE-2017-4935 to this issue.

Column 5 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.

VMware Product Running Replace with/ Mitigation
Product Version on Severity Apply patch Workaround
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D =3D=3D=3D=3D=3D=3D=3D =3D=3D=
=3D=3D=3D=3D=3D =3D=3D=3D=3D=3D=3D=3D=3D =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
Horizon View 4.x Windows Critical 4.6.1 None
Client for Windows
Workstation 14.x Any N/A Not affected N/A
Workstation 12.x Windows Critical 12.5.8 None
Workstation 12.x Linux N/A Not affected N/A

c. Multiple out-of-bounds read issues via Cortado ThinPrint

VMware Workstation and Horizon View Client contain multiple
out-of-bounds read vulnerabilities in JPEG2000 parser in the
TPView.dll. On Workstation, this may allow a guest to execute code
or perform a Denial of Service on the Windows OS that runs
Workstation. In the case of a Horizon View Client, this may allow a
View desktop to execute code or perform a Denial of Service on the
Windows OS that runs the Horizon View Client.

Exploitation is only possible if virtual printing has been enabled.
This feature is not enabled by default on Workstation but it is
enabled by default on Horizon View.

VMware would like to thank Ke Liu of Tencent’s Xuanwu Lab for
reporting these issues to us.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the identifiers CVE-2017-4936 (JPEG2000 Issue-1) and
CVE-2017-4937 (JPEG2000 Issue-2) to these issues.

Column 5 of the following table lists the action required to remediate
the vulnerability in each release, if a solution is available.

VMware Product Running Replace with/ Mitigation
Product Version on Severity Apply patch Workaround
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D =3D=3D=3D=3D=3D=3D=3D =3D=3D=
=3D=3D=3D=3D=3D =3D=3D=3D=3D=3D=3D=3D=3D =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
Horizon View 4.x Windows Critical 4.6.1 None
Client for Windows
Workstation 14.x Any N/A Not affected N/A
Workstation 12.x Windows Critical 12.5.8 None
Workstation 12.x Linux N/A Not affected N/A

d. Guest RPC NULL pointer dereference vulnerability

VMware Workstation and Fusion contain a guest RPC NULL pointer
dereference vulnerability. Successful exploitation of this issue
may allow attackers with normal user privileges to crash their VMs.

VMware would like to thank Skyer for reporting this issue to us.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the identifier CVE-2017-4938 to this issue.

Column 5 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.

VMware Product Running Replace with/ Mitigation
Product Version on Severity Apply patch Workaround
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D =3D=3D=3D=3D=3D=3D=3D =3D=3D=
=3D=3D=3D=3D=3D =3D=3D=3D=3D=3D=3D=3D=3D =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
Workstation 14.x Any N/A Not affected N/A
Workstation 12.x Any Moderate 12.5.8 None
Fusion 10.x OS X N/A Not affected N/A
Fusion 8.x OS X Moderate 8.5.9 None

e. VMware Workstation installer DLL hijacking issue

Workstation installer contains a DLL hijacking issue that exists due
to some DLL files loaded by the application improperly. This issue
may allow an attacker to load a DLL file of the attacker’s choosing
that could execute arbitrary code.

VMware would like to thank Bj=F6rn Ruytenberg for reporting this issue
to us.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the identifier CVE-2017-4939 to this issue.

Column 5 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.

VMware Product Running Replace with/ Mitigation
Product Version on Severity Apply patch Workaround
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D =3D=3D=3D=3D=3D=3D=3D =3D=3D=
=3D=3D=3D=3D=3D =3D=3D=3D=3D=3D=3D=3D=3D =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
Workstation 14.x Any N/A Not affected N/A
Workstation 12.x Windows Important 12.5.8 None
Workstation 12.x Linux N/A Not affected N/A

4. Solution

Please review the patch/release notes for your product and
version and verify the checksum of your downloaded file.

VMware Horizon View Client 4.6.1
Downloads and
Documentation:https://my.vmware.com/web/vmware/details?downloadGroup=3DCART=
18
FQ3_
WIN_461&productId=3D578&rPId=3D18817

VMware Workstation Pro 12.5.8
Downloads and Documentation:
https://www.vmware.com/go/downloadworkstation
https://www.vmware.com/support/pubs/ws_pubs.html

VMware Workstation Player 12.5.8
Downloads and Documentation:
https://www.vmware.com/go/downloadplayer
https://www.vmware.com/support/pubs/player_pubs.html

VMware Fusion Pro / Fusion 8.5.9
Downloads and Documentation:
https://www.vmware.com/go/downloadfusion
https://www.vmware.com/support/pubs/fusion_pubs.html

5. References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=3DCVE-2017-4934
http://cve.mitre.org/cgi-bin/cvename.cgi?name=3DCVE-2017-4935
http://cve.mitre.org/cgi-bin/cvename.cgi?name=3DCVE-2017-4936
http://cve.mitre.org/cgi-bin/cvename.cgi?name=3DCVE-2017-4937
http://cve.mitre.org/cgi-bin/cvename.cgi?name=3DCVE-2017-4938
http://cve.mitre.org/cgi-bin/cvename.cgi?name=3DCVE-2017-4939

– ————————————————————————

6. Change log

2017-11-16 VMSA-2017-0018
Initial security advisory in conjunction with the release of VMware
Workstation 12.5.8 and Fusion 8.5.9 on 2017-11-16.

2017-11-17 VMSA-2017-0018.1
Updated security advisory to add issue 3(e).

– ————————————————————————
7. Contact

E-mail list for product security notifications and announcements:
http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce

This Security Advisory is posted to the following lists:

security-announce@lists.vmware.com
bugtraq@securityfocus.com
fulldisclosure@seclists.org

E-mail: security@vmware.com
PGP key at: https://kb.vmware.com/kb/1055

VMware Security Advisories
http://www.vmware.com/security/advisories

VMware Security Response Policy
https://www.vmware.com/support/policies/security_response.html

VMware Lifecycle Support Phases
https://www.vmware.com/support/policies/lifecycle.html

VMware Security & Compliance Blog
https://blogs.vmware.com/security

Twitter

Copyright 2017 VMware Inc. All rights reserved.

—–BEGIN PGP SIGNATURE—–
Version: Encryption Desktop 10.4.1 (Build 490)
Charset: utf-8

wj8DBQFaDzRdDEcm8Vbi9kMRAs8YAKDoafR7M1s/Thp0jXCjyGmNJfbd4QCdE0EG
X+Soyi5K+If4t+Gq3PMf874=3D
=3Drn4g
—–END PGP SIGNATURE—–

–_000_BY2PR0501MB1686127302F29B774E334192B92F0BY2PR0501MB1686_
Content-Type: text/html; charset=”iso-8859-1″
Content-Transfer-Encoding: quoted-printable

—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA1

– ———————————————————————–

            &nb=
sp;            =
      VMware Security Advisory

Advisory ID: VMSA-2017-0018.1
Severity:    Critical
Synopsis:    VMware Workstation, Fusion and Horizon View Cli=
ent updates
             re=
solve multiple security vulnerabilities
Issue date:  2017-11-16
Updated on:  2017-11-17
CVE number:  CVE-2017-4934, CVE-2017-4935, CVE-2017-4936,
             CV=
E-2017-4937, CVE-2017-4938, CVE-2017-4939

1. Summary

   VMware Workstation, Fusion and Horizon View Client updates res=
olve
   multiple security vulnerabilities

2. Relevant Products

   VMware Workstation Pro / Player (Workstation)
   VMware Fusion Pro / Fusion (Fusion)   

3. Problem Description
    
   a. Heap buffer-overflow vulnerability in VMNAT device
   
   VMware Workstation and Fusion contain a heap buffer-overflow
   vulnerability in VMNAT device. This issue may allow a guest to=

   execute code on the host.
   
   VMware would like to thank Jun Mao of Tencent PC Manager worki=
ng
   with ZDI for reporting this issue to us.
   
   The Common Vulnerabilities and Exposures project (cve.mitre.or=
g) has
   assigned the identifier CVE-2017-4934 to this issue.
   
   Column 5 of the following table lists the action required to
   remediate the vulnerability in each release, if a solution is
   available.
   
   VMware          P=
roduct Running           =
Replace with/   Mitigation
   Product         Versio=
n on      Severity  Apply patch  &n=
bsp;  Workaround
   =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D  =3D=3D=3D=3D=
=3D=3D=3D =3D=3D=3D=3D=3D=3D=3D =3D=3D=3D=3D=3D=3D=3D=3D  =3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D   =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
   Workstation      14.x  &nbs=
p; Any      N/A      Not =
affected      N/A
   Workstation      12.x  &nbs=
p; Any    Critical    12.5.8  &nbsp=
;        None
    Fusion        &n=
bsp; 10.x    OS X     N/A  &nb=
sp;   Not affected      N/A   =
 
    Fusion        &n=
bsp; 8.x     OS X   Critical  &nbsp=
; 8.5.9            N=
one
    
   b. Out-of-bounds write via Cortado ThinPrint
 
   VMware Workstation and Horizon View Client contain an out-of-b=
ounds
   write vulnerability in JPEG2000 parser in the TPView.dll.
   
   On Workstation, this may allow a guest to execute code or perf=
orm a
   Denial of Service on the Windows OS that runs Workstation. In =
the
   case of a Horizon View Client, this may allow a View desktop t=
o
   execute code or perform a Denial of Service on the Windows OS =
that
   runs the Horizon  View Client.
   
   Exploitation is only possible if virtual printing has been ena=
bled.
   This feature is not enabled by default on Workstation but it i=
s
   enabled by default on Horizon View Client.
   
   VMware would like to thank Anonymous working with ZDI for repo=
rting
   this issue to us.
   
   The Common Vulnerabilities and Exposures project (cve.mitre.or=
g) has
   assigned the identifier CVE-2017-4935 to this issue.
   
   Column 5 of the following table lists the action required to
   remediate the vulnerability in each release, if a solution is
   available.

   VMware          P=
roduct Running           =
Replace with/   Mitigation
   Product         Versio=
n on      Severity  Apply patch  &n=
bsp;  Workaround
   =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D  =3D=3D=3D=3D=
=3D=3D=3D =3D=3D=3D=3D=3D=3D=3D =3D=3D=3D=3D=3D=3D=3D=3D  =3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D  =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
   Horizon View      4.x   Win=
dows Critical    4.6.1      &n=
bsp;    None
   Client for Windows
   Workstation      14.x  &nbs=
p; Any      N/A      Not =
affected      N/A
   Workstation      12.x   Win=
dows Critical    12.5.8      &=
nbsp;   None
   Workstation      12.x  &nbs=
p; Linux    N/A      Not affected&n=
bsp;     N/A
   
   c. Multiple out-of-bounds read issues via Cortado ThinPrint

   VMware Workstation and Horizon View Client contain multiple
   out-of-bounds read vulnerabilities in JPEG2000 parser in the
   TPView.dll. On Workstation, this may allow a guest to execute =
code
   or perform a Denial of Service on the Windows OS that runs&nbs=
p;         
   Workstation. In the case of a Horizon View Client, this may al=
low a
   View desktop to execute code or perform a Denial of Service on=
the
   Windows OS that runs the Horizon View Client.
 
   Exploitation is only possible if virtual printing has been ena=
bled.
   This feature is not enabled by default on Workstation but it i=
s
   enabled by default on Horizon View.
    
   VMware would like to thank Ke Liu of Tencent’s Xuanwu Lab for =

   reporting these issues to us.
    
   The Common Vulnerabilities and Exposures project (cve.mitre.or=
g) has
   assigned the identifiers CVE-2017-4936 (JPEG2000 Issue-1) and =

   CVE-2017-4937 (JPEG2000 Issue-2) to these issues.
   
   Column 5 of the following table lists the action required to r=
emediate
   the vulnerability in each release, if a solution is available.=

 
   VMware          P=
roduct Running           =
Replace with/   Mitigation
   Product         Versio=
n on      Severity  Apply patch  &n=
bsp;  Workaround
   =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D  =3D=3D=3D=3D=
=3D=3D=3D =3D=3D=3D=3D=3D=3D=3D =3D=3D=3D=3D=3D=3D=3D=3D  =3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D  =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
   Horizon View      4.x   Win=
dows Critical    4.6.1      &n=
bsp;    None
   Client for Windows
   Workstation      14.x  &nbs=
p;  Any     N/A      Not =
affected      N/A
   Workstation      12.x   Win=
dows Critical    12.5.8      &=
nbsp;   None  
   Workstation      12.x  &nbs=
p; Linux    N/A      Not affected&n=
bsp;     N/A
 
   d. Guest RPC NULL pointer dereference vulnerability
   
   VMware Workstation and Fusion contain a guest RPC NULL pointer=

   dereference vulnerability. Successful exploitation of this iss=
ue
   may allow attackers with normal user privileges to crash their=
VMs.
   
   VMware would like to thank Skyer for reporting this issue to u=
s.
   
   The Common Vulnerabilities and Exposures project (cve.mitre.or=
g) has
   assigned the identifier CVE-2017-4938 to this issue.
   
   Column 5 of the following table lists the action required to
   remediate the vulnerability in each release, if a solution is
   available.
   
   VMware          P=
roduct Running           =
Replace with/   Mitigation
   Product         Versio=
n on      Severity  Apply patch  &n=
bsp;  Workaround
   =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D  =3D=3D=3D=3D=
=3D=3D=3D =3D=3D=3D=3D=3D=3D=3D =3D=3D=3D=3D=3D=3D=3D=3D  =3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D   =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
   Workstation      14.x  &nbs=
p; Any      N/A      Not =
affected      N/A
   Workstation      12.x  &nbs=
p; Any    Moderate    12.5.8  &nbsp=
;        None
    Fusion        &n=
bsp; 10.x    OS X     N/A  &nb=
sp;   Not affected      N/A   =
 
    Fusion        &n=
bsp; 8.x     OS X   Moderate  &nbsp=
; 8.5.9            N=
one
    
   e. VMware Workstation installer DLL hijacking issue
   
   Workstation installer contains a DLL hijacking issue that exis=
ts due
   to some DLL files loaded by the application improperly. This i=
ssue
   may allow an attacker to load a DLL file of the attacker’s cho=
osing
   that could execute arbitrary code.

   VMware would like to thank Bj=F6rn Ruytenberg for reporting th=
is issue
   to us.
    
   The Common Vulnerabilities and Exposures project (cve.mitre.or=
g) has
   assigned the identifier CVE-2017-4939 to this issue.
      
   Column 5 of the following table lists the action required to
   remediate the vulnerability in each release, if a solution is
   available.
   
   VMware          P=
roduct Running           =
Replace with/   Mitigation
   Product         Versio=
n on      Severity  Apply patch  &n=
bsp;  Workaround
   =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D  =3D=3D=3D=3D=
=3D=3D=3D =3D=3D=3D=3D=3D=3D=3D =3D=3D=3D=3D=3D=3D=3D=3D  =3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D   =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
   Workstation      14.x  &nbs=
p; Any      N/A      Not =
affected      N/A
   Workstation      12.x   Win=
dows Important   12.5.8       =
   None
   Workstation      12.x  &nbs=
p; Linux    N/A      Not affected&n=
bsp;     N/A
 
4. Solution

   Please review the patch/release notes for your product and
   version and verify the checksum of your downloaded file.
   
   VMware Horizon View Client 4.6.1
   Downloads and
Documentation:https://my.vmware.com/web/vmware/details?downloadGroup=3DCART=
18
FQ3_
   WIN_461&productId=3D578&rPId=3D18817   &nbsp=
;
   
   VMware Workstation Pro 12.5.8
   Downloads and Documentation:
   https://www.vmware.com/go/downloadworkstation
   https://www.vmware.com/support/pubs/ws_pubs.html

   VMware Workstation Player 12.5.8
   Downloads and Documentation:
   https://www.vmware.com/go/downloadplayer
   https://www.vmware.com/support/pubs/player_pubs.html
   
   VMware Fusion Pro / Fusion 8.5.9
   Downloads and Documentation:  
   https://www.vmware.com/go/downloadfusion  
   https://www.vmware.com/support/pubs/fusion_pubs.html &nbs=
p;             =

   
   
5. References

   http://cve.mitre.org/cgi-bin/cvename.cgi?name=3DCVE-2017-4934
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=3DCVE-2017-4935
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=3DCVE-2017-4936
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=3DCVE-2017-4937
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=3DCVE-2017-4938
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=3DCVE-2017-4939

– ————————————————————————

6. Change log

   2017-11-16 VMSA-2017-0018
   Initial security advisory in conjunction with the release of V=
Mware
   Workstation 12.5.8 and Fusion 8.5.9 on 2017-11-16.
   
   2017-11-17 VMSA-2017-0018.1
   Updated security advisory to add issue 3(e).

– ————————————————————————
7. Contact

   E-mail list for product security notifications and announcemen=
ts:
   http://lists.vmware.com/cgi-bin/mailman/listinfo/security-anno=
unce

   This Security Advisory is posted to the following lists:
   
     security-announce@lists.vmware.com
     bugtraq@securityfocus.com
     fulldisclosure@seclists.org

   E-mail: security@vmware.com
   PGP key at: https://kb.vmware.com/kb/1055

   VMware Security Advisories
   http://www.vmware.com/security/advisories

   VMware Security Response Policy
   https://www.vmware.com/support/policies/security_response.html=

   VMware Lifecycle Support Phases
   https://www.vmware.com/support/policies/lifecycle.html
   
   VMware Security & Compliance Blog
   https://blogs.vmware.com/security

   Twitter
   https://twitter.com/VMwareSRC

   Copyright 2017 VMware Inc.  All rights reserved.

—–BEGIN PGP SIGNATURE—–
Version: Encryption Desktop 10.4.1 (Build 490)
Charset: utf-8

wj8DBQFaDzRdDEcm8Vbi9kMRAs8YAKDoafR7M1s/Thp0jXCjyGmNJfbd4QCdE0EG
X+Soyi5K+If4t+Gq3PMf874=3D
=3Drn4g
—–END PGP SIGNATURE—–

–_000_BY2PR0501MB1686127302F29B774E334192B92F0BY2PR0501MB1686_–

–===============4772344358796212726==
Content-Type: text/plain; charset=”us-ascii”
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

_______________________________________________
Security-announce mailing list
Security-announce@lists.vmware.com
https://lists.vmware.com/mailman/listinfo/security-announce

–===============4772344358796212726==–