[Security-announce] Update VMSA-2018-0012.1 VMware vSphere, Workstation and Fusion updates enable Hypervisor-Assisted Guest Mitigations for Speculative Store


–===============5610465825032050655==
Content-Language: en-US
Content-Type: multipart/alternative;
boundary=”_000_SN1PR05MB1902E6C16919956A592114D4B94E0SN1PR05MB1902namp_”

–_000_SN1PR05MB1902E6C16919956A592114D4B94E0SN1PR05MB1902namp_
Content-Type: text/plain; charset=”iso-8859-1″
Content-Transfer-Encoding: quoted-printable

—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA1

– ————————————————————————
VMware Security Advisory

Advisory ID: VMSA-2018-0012.1
Severity: Moderate
Synopsis: VMware vSphere, Workstation and Fusion updates enable
Hypervisor-Assisted Guest Mitigations for Speculative Store
Bypass issue
Issue date: 2018-05-21
Updated on: 2018-06-28
CVE number: CVE-2018-3639

1. Summary

VMware vSphere, Workstation and Fusion updates enable Hypervisor-
Assisted Guest Mitigations for Speculative Store Bypass issue.

The mitigations in this advisory are categorized as Hypervisor-
Assisted Guest Mitigations described by VMware Knowledge Base article
54951. KB54951 also covers CVE-2018-3640 mitigations which do not
require VMware product updates.

2. Relevant Products

VMware vCenter Server (VC)
VMware vSphere ESXi (ESXi)
VMware Workstation Pro / Player (Workstation)
VMware Fusion Pro / Fusion (Fusion)

3. Problem Description

vCenter Server, ESXi, Workstation, and Fusion update speculative
execution control mechanism for Virtual Machines (VMs). As a result,
a patched Guest Operating System (GOS) can remediate the Speculative
Store bypass issue (CVE-2018-3639) using the Speculative-Store-
Bypass-Disable (SSBD) control bit. This issue may allow for
information disclosure in applications and/or execution runtimes
which rely on managed code security mechanisms. Based on current
evaluations, we do not believe that CVE-2018-3639 could allow for VM
to VM or Hypervisor to VM Information disclosure.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the identifier CVE-2018-3639 to this issue.

Column 5 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.

VMware Product Running Replace with/ Mitigation/
Product Version on Severity Apply Patch Workaround
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D =3D=3D=3D=3D=3D=3D=3D =3D=3D=3D=3D=3D=
=3D=3D =3D=3D=3D=3D=3D=3D=3D=3D =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
VC 6.7 Any Moderate 6.7.0b * None
VC 6.5 Any Moderate 6.5 U2b * None
VC 6.0 Any Moderate 6.0 U3f * None
VC 5.5 Any Moderate 5.5 U3i * None

ESXi 6.7 Any Moderate ESXi670-201806401-BG * None
ESXi670-201806402-BG **
ESXi 6.5 Any Moderate ESXi650-201806401-BG * None
ESXi650-201806402-BG **
ESXi 6.0 Any Moderate ESXi600-201806401-BG * None
ESXi600-201806402-BG **
ESXi 5.5 Any Moderate ESXi550-201806401-BG * None
ESXi550-201806402-BG **

Workstation 14.x Any Moderate 14.1.2 * None
Fusion 10.x OSX Moderate 10.1.2 * None

* There are additional VMware and 3rd party requirements for
CVE-2018-3639 mitigation beyond applying these updates. Please
see VMware Knowledge Base article 55111 for details.

** If available, these ESXi patches apply the required microcode
updates. The included microcode updates are documented in the
VMware Knowledge Base articles listed in the Solution section.

4. Solution

Please review the patch/release notes for your product and
version and verify the checksum of your downloaded file.

vCenter Server 6.7.0b
Downloads:

https://my.vmware.com/web/vmware/details?downloadGroup=3DVC670B&productId=
=3D742
&rPId=3D24511
Documentation:

https://docs.vmware.com/en/VMware-vSphere/6.7/rn/vsphere-vcenter-server-670
b-release-notes.html

vCenter Server 6.5 U2b
Downloads:

https://my.vmware.com/web/vmware/details?downloadGroup=3DVC65U2B&productId=
=3D61
4&rPId=3D24437
Documentation:

https://docs.vmware.com/en/VMware-vSphere/6.5/rn/vsphere-vcenter-server-65u
2b-release-notes.html

vCenter Server 6.0 U3f
Downloads:

https://my.vmware.com/web/vmware/details?downloadGroup=3DVC60U3F&productId=
=3D49
1&rPId=3D24398
Documentation:

https://docs.vmware.com/en/VMware-vSphere/6.0/rn/vsphere-vcenter-server-60u
3f-release-notes.html

vCenter Server 5.5 U3i
Downloads:

https://my.vmware.com/web/vmware/details?downloadGroup=3DVC55U3I&productId=
=3D35
3&rPId=3D24327
Documentation:

https://docs.vmware.com/en/VMware-vSphere/5.5/rn/vsphere-vcenter-server-55u
3i-release-notes.html

VMware ESXi 6.7
Downloads:
https://my.vmware.com/group/vmware/patch
Documentation:
https://kb.vmware.com/kb/55920
https://kb.vmware.com/kb/55921 (microcode)

VMware ESXi 6.5
Downloads:
https://my.vmware.com/group/vmware/patch
Documentation:
https://kb.vmware.com/kb/55915
https://kb.vmware.com/kb/55916 (microcode)

VMware ESXi 6.0
Downloads:
https://my.vmware.com/group/vmware/patch
Documentation:
https://kb.vmware.com/kb/55910
https://kb.vmware.com/kb/55911 (microcode)

VMware ESXi 5.5
Downloads:
https://my.vmware.com/group/vmware/patch
Documentation:
https://kb.vmware.com/kb/55905
https://kb.vmware.com/kb/55906 (microcode)

VMware Workstation Pro, Player 14.1.2
Downloads and Documentation:
https://www.vmware.com/go/downloadworkstation
https://www.vmware.com/go/downloadplayer

VMware Fusion Pro / Fusion 10.1.2
Downloads and Documentation:
https://www.vmware.com/go/downloadfusion

5. References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=3DCVE-2018-3639
https://kb.vmware.com/kb/54951
https://kb.vmware.com/kb/55111

– ————————————————————————

6. Change log

2018-05-21: VMSA-2018-0012
Initial security advisory in conjunction with the release
of Workstation 14.1.2 and Fusion 10.1.2 on 2018-05-21.

2018-06-28: VMSA-2018-0012.1
Updated security advisory in conjunction with the release of vCenter
Server 5.5 U3i, 6.0 U3f, 6.5 U2b, 6.7.0b and ESXi 5.5 – 6.7 patches
on 2018-06-28.

– ————————————————————————

7. Contact

E-mail list for product security notifications and announcements:
http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce

This Security Advisory is posted to the following lists:

security-announce at lists.vmware.com
bugtraq at securityfocus.com
fulldisclosure at seclists.org

E-mail: security at vmware.com
PGP key at: https://kb.vmware.com/kb/1055

VMware Security Advisories
http://www.vmware.com/security/advisories

VMware Security Response Policy
https://www.vmware.com/support/policies/security_response.html

VMware Lifecycle Support Phases
https://www.vmware.com/support/policies/lifecycle.html

VMware Security & Compliance Blog
https://blogs.vmware.com/security

Twitter

Copyright 2018 VMware Inc. All rights reserved.

—–BEGIN PGP SIGNATURE—–
Version: PGP Desktop 9.8.3 (Build 4028)
Charset: utf-8

wj8DBQFbNaFeDEcm8Vbi9kMRAn4NAJ42HgDjfXkcTVfDupwE4KPdPVsf7wCcDaLy
aN23XiAmhvFSxcQ5GnJR0ls=3D
=3DfrKv
—–END PGP SIGNATURE—–

–_000_SN1PR05MB1902E6C16919956A592114D4B94E0SN1PR05MB1902namp_
Content-Type: text/html; charset=”iso-8859-1″
Content-Transfer-Encoding: quoted-printable

—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA1
– ——————————————————————–=
—-
                    =
    VMware Security Advisory
Advisory ID: VMSA-2018-0012.1
Severity:    Moderate
Synopsis:    VMware vSphere, Workstation and Fusion updates =
enable
             Hypervisor-Assisted Gu=
est Mitigations for Speculative Store
             Bypass issue
Issue date:  2018-05-21
Updated on:  2018-06-28
CVE number:  CVE-2018-3639
1. Summary
   VMware vSphere, Workstation and Fusion updates enable Hyp=
ervisor-
   Assisted Guest Mitigations for Speculative Store Bypass i=
ssue.
   The mitigations in this advisory are categorized as Hyper=
visor-
   Assisted Guest Mitigations described by VMware Knowledge =
Base article
   54951. KB54951 also covers CVE-2018-3640 mitigations whic=
h do not
   require VMware product updates.
2. Relevant Products
   VMware vCenter Server (VC)
   VMware vSphere ESXi (ESXi)
   VMware Workstation Pro / Player (Workstation)
   VMware Fusion Pro / Fusion (Fusion)
3. Problem Description
   vCenter Server, ESXi, Workstation, and Fusion update spec=
ulative
   execution control mechanism for Virtual Machines (VMs). A=
s a result,
   a patched Guest Operating System (GOS) can remediate the =
Speculative
   Store bypass issue (CVE-2018-3639) using the Speculative-=
Store-
   Bypass-Disable (SSBD) control bit. This issue may allow f=
or
   information disclosure in applications and/or execution r=
untimes
   which rely on managed code security mechanisms. Based on =
current
   evaluations, we do not believe that CVE-2018-3639 could a=
llow for VM
   to VM or Hypervisor to VM Information disclosure.
   The Common Vulnerabilities and Exposures project (cve.mit=
re.org) has
   assigned the identifier CVE-2018-3639 to this issue.
   Column 5 of the following table lists the action required=
to
   remediate the vulnerability in each release, if a solutio=
n is
   available.
   
   VMware      Product Running    &=
nbsp;     Replace with/        Mitigation/

   Product     Version on     =
Severity Apply Patch          Workaround
   =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D =3D=3D=3D=3D=3D=3D=3D =
=3D=3D=3D=3D=3D=3D=3D =3D=3D=3D=3D=3D=3D=3D=3D =3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
   VC          6.7    &nb=
sp;Any     Moderate 6.7.0b *        &nbs=
p;       None
   VC          6.5    &nb=
sp;Any     Moderate 6.5 U2b *        &nb=
sp;      None
   VC          6.0    &nb=
sp;Any     Moderate 6.0 U3f *        &nb=
sp;      None
   VC          5.5    &nb=
sp;Any     Moderate 5.5 U3i *        &nb=
sp;      None
   ESXi        6.7     An=
y     Moderate ESXi670-201806401-BG *  None
                    =
                    ESXi6=
70-201806402-BG **
   ESXi        6.5     An=
y     Moderate ESXi650-201806401-BG *  None
                    =
                    ESXi6=
50-201806402-BG **
   ESXi        6.0     An=
y     Moderate ESXi600-201806401-BG *  None
                    =
                    ESXi6=
00-201806402-BG **
   ESXi        5.5     An=
y     Moderate ESXi550-201806401-BG *  None
                    =
                    ESXi5=
50-201806402-BG **
   
   Workstation 14.x    Any     Mode=
rate 14.1.2 *                None

   Fusion      10.x    OSX  &n=
bsp;  Moderate 10.1.2 *            &nbsp=
;   None
   * There are additional VMware and 3rd party requirements =
for
   CVE-2018-3639 mitigation beyond applying these updates. P=
lease
   see VMware Knowledge Base article 55111 for details.
 
   ** If available, these ESXi patches apply the required mi=
crocode
   updates. The included microcode updates are documented in=
the
   VMware Knowledge Base articles listed in the Solution sec=
tion. 
4. Solution
   Please review the patch/release notes for your product an=
d
   version and verify the checksum of your downloaded file.

   vCenter Server 6.7.0b
   Downloads:
  
https://my.vmware.com/web/vmware/details?downloadGroup=3DVC670B&pr=
oductId=3D742
&rPId=3D24511
   Documentation:
  
https://docs.vmware.com/en/VMware-vSphere/6.7/rn/vsphere-vcenter-serve=
r-670
b-release-notes.html
   vCenter Server 6.5 U2b
   Downloads:
  
https://my.vmware.com/web/vmware/details?downloadGroup=3DVC65U2B&p=
roductId=3D61
4&rPId=3D24437
   Documentation:
  
https://docs.vmware.com/en/VMware-vSphere/6.5/rn/vsphere-vcenter-serve=
r-65u
2b-release-notes.html
   vCenter Server 6.0 U3f
   Downloads:
  
https://my.vmware.com/web/vmware/details?downloadGroup=3DVC60U3F&p=
roductId=3D49
1&rPId=3D24398
   Documentation:
  
https://docs.vmware.com/en/VMware-vSphere/6.0/rn/vsphere-vcenter-serve=
r-60u
3f-release-notes.html
   vCenter Server 5.5 U3i
   Downloads:
  
https://my.vmware.com/web/vmware/details?downloadGroup=3DVC55U3I&p=
roductId=3D35
3&rPId=3D24327
   Documentation:
  
https://docs.vmware.com/en/VMware-vSphere/5.5/rn/vsphere-vcenter-serve=
r-55u
3i-release-notes.html
   VMware ESXi 6.7
   Downloads:
   https://my.vmware.com/group/vmware/patch
   Documentation:
   https://kb.vmware.com/kb/55920
   https://kb.vmware.com/kb/55921 (microcode)
   VMware ESXi 6.5
   Downloads:
   https://my.vmware.com/group/vmware/patch
   Documentation:
   https://kb.vmware.com/kb/55915
   https://kb.vmware.com/kb/55916 (microcode)
   VMware ESXi 6.0
   Downloads:
   https://my.vmware.com/group/vmware/patch
   Documentation:
   https://kb.vmware.com/kb/55910
   https://kb.vmware.com/kb/55911 (microcode)
   VMware ESXi 5.5
   Downloads:
   https://my.vmware.com/group/vmware/patch
   Documentation:
   https://kb.vmware.com/kb/55905
   https://kb.vmware.com/kb/55906 (microcode)
   VMware Workstation Pro, Player 14.1.2
   Downloads and Documentation:
   https://www.vmware.com/go/downloadworkstation
   https://www.vmware.com/go/downloadplayer
   VMware Fusion Pro / Fusion 10.1.2
   Downloads and Documentation:  
   https://www.vmware.com/go/downloadfusion
5. References
   https://cve.mitre.org/cgi-bin/cvename.cgi?name=3DCVE-2018=
-3639
   https://kb.vmware.com/kb/54951
   https://kb.vmware.com/kb/55111
– ——————————————————————–=
—-
6. Change log
   2018-05-21: VMSA-2018-0012
   Initial security advisory in conjunction with the release=
   of Workstation 14.1.2 and Fusion 10.1.2 on 2018-05-21.

   2018-06-28: VMSA-2018-0012.1
   Updated security advisory in conjunction with the release=
of vCenter
   Server 5.5 U3i, 6.0 U3f, 6.5 U2b, 6.7.0b and ESXi 5.5 – 6=
.7 patches
   on 2018-06-28.
– ——————————————————————–=
—-
7. Contact
   E-mail list for product security notifications and announ=
cements:
   http://lists.vmware.com/cgi-bin/mailman/listinfo/security=
-announce
   This Security Advisory is posted to the following lists:

    security-announce at lists.vmware.com
    bugtraq at securityfocus.com
    fulldisclosure at seclists.org
   E-mail: security at vmware.com
   PGP key at: https://kb.vmware.com/kb/1055
   VMware Security Advisories
   http://www.vmware.com/security/advisories
   VMware Security Response Policy
   https://www.vmware.com/support/policies/security_response=
.html
   VMware Lifecycle Support Phases
   https://www.vmware.com/support/policies/lifecycle.html

 
   VMware Security & Compliance Blog   
   https://blogs.vmware.com/security
   Twitter
   https://twitter.com/VMwareSRC
   Copyright 2018 VMware Inc. All rights reserved.
—–BEGIN PGP SIGNATURE—–
Version: PGP Desktop 9.8.3 (Build 4028)
Charset: utf-8
wj8DBQFbNaFeDEcm8Vbi9kMRAn4NAJ42HgDjfXkcTVfDupwE4KPdPVsf7wCcDaLy
aN23XiAmhvFSxcQ5GnJR0ls=3D
=3DfrKv
—–END PGP SIGNATURE—–

–_000_SN1PR05MB1902E6C16919956A592114D4B94E0SN1PR05MB1902namp_–

–===============5610465825032050655==
Content-Type: text/plain; charset=”us-ascii”
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

_______________________________________________
Security-announce mailing list
Security-announce@lists.vmware.com
https://lists.vmware.com/mailman/listinfo/security-announce

–===============5610465825032050655==–