[Security-announce] New VMSA-2018-0019 – Horizon 6, 7 and Horizon Client for Windows updates address an out-of-bounds read vulnerability


–===============4796831091270344117==
Content-Language: en-US
Content-Type: multipart/alternative;
boundary=”_000_SN1PR05MB19029F86DF0D43FAE5224EB7B9270SN1PR05MB1902namp_”

–_000_SN1PR05MB19029F86DF0D43FAE5224EB7B9270SN1PR05MB1902namp_
Content-Type: text/plain; charset=”Windows-1252″
Content-Transfer-Encoding: quoted-printable

—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA1

– ———————————————————————-
VMware Security Advisory

Advisory ID: VMSA-2018-0019
Severity: Important
Synopsis: Horizon 6, 7, and Horizon Client for Windows updates
address an out-of-bounds read vulnerability
Issue date: 2018-08-07
Updated on: 2018-08-07 (Initial Advisory)
CVE number: CVE-2018-6970

1. Summary

Horizon 6, 7, and Horizon Client for Windows updates address an
out-of-bounds read vulnerability

2. Relevant Releases

VMware Horizon 6
VMware Horizon 7
VMware Horizon Client for Windows

3. Problem Description

Horizon 6, 7, and Horizon Client for Windows contain an out-of-
bounds read vulnerability in the Message Framework library.
Successfully exploiting this issue may allow a less-privileged user
to leak information from a privileged process running on a system
where Horizon Connection Server, Horizon Agent or Horizon Client are
installed.

Note: This issue doesn=92t apply to Horizon 6, 7 Agents installed on
Linux systems or Horizon Clients installed on non-Windows systems.

VMware would like to thank Steven Seeley (mr_me) of Source Incite
working with Trend Micro’s Zero Day Initiative for reporting this
issue to us.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the identifier CVE-2018-6970 to this issue.

Column 5 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.

VMware Product Running Replace with/ Mitigation/
Product Version on Severity Apply patch Workaround
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D =3D=3D=3D=3D=3D=3D=3D =3D=3D=3D=3D=
=3D=3D=3D =3D=3D=3D=3D=3D=3D=3D=3D=3D =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
Horizon 7 7.x.x Windows Important 7.5.1 None
Horizon 6 6.x.x Windows Important 6.2.7 None
Horizon Client 4.x.x Windows Important 4.8.1 None
for Windows & prior

4. Solution

Please review the patch/release notes for your product and
version and verify the checksum of your downloaded file.

VMware Horizon 7 version 7.5.1
Downloads and Documentation:
https://my.vmware.com/en/web/vmware/info/slug/
desktop_end_user_computing/vmware_horizon/7_5

VMware Horizon 6 version 6.2.7
Downloads and Documentation:
https://my.vmware.com/group/vmware/info?slug=3D
desktop_end_user_computing/vmware_horizon/6_2

VMware Horizon Client for Windows 4.8.1
Downloads and Documentation:
https://my.vmware.com/web/vmware/details?productId=3D
578&downloadGroup=3DCART19FQ2_WIN_4_8_1

5. References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=3DCVE-2018-6970
– ———————————————————————–

6. Change log

2018-08-07 VMSA-2018-0019
Initial security advisory in conjunction with the release of VMware
Horizon 6 version 6.2.7 and Horizon Client 4.8.1 on 2018-08-07
– ———————————————————————–

7. Contact

E-mail list for product security notifications and announcements:
http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce

This Security Advisory is posted to the following lists:

security-announce@lists.vmware.com
bugtraq@securityfocus.com
fulldisclosure@seclists.org

E-mail: security@vmware.com
PGP key at: https://kb.vmware.com/kb/1055

VMware Security Advisories
http://www.vmware.com/security/advisories

VMware Security Response Policy
https://www.vmware.com/support/policies/security_response.html

VMware Lifecycle Support Phases
https://www.vmware.com/support/policies/lifecycle.html

VMware Security & Compliance Blog
https://blogs.vmware.com/security

Twitter

Copyright 2018 VMware Inc. All rights reserved.

—–BEGIN PGP SIGNATURE—–
Version: Encryption Desktop 10.4.1 (Build 490)
Charset: utf-8

wj8DBQFbadzTDEcm8Vbi9kMRApFhAJ9Al85PjxI81Pf5ZPi8rvQzpiljYACfWYYr
Owvq//va0LudaVYsQLm9+oc=3D
=3DlsWa
—–END PGP SIGNATURE—–

–_000_SN1PR05MB19029F86DF0D43FAE5224EB7B9270SN1PR05MB1902namp_
Content-Type: text/html; charset=”Windows-1252″
Content-Transfer-Encoding: quoted-printable

=

—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA1

– ———————————————————————-
VMware Security Advisory
 
Advisory ID: VMSA-2018-0019
Severity:    Important
Synopsis:    Horizon 6, 7, and Horizon Client for Windows up=
dates
             ad=
dress an out-of-bounds read vulnerability
Issue date:  2018-08-07
Updated on:  2018-08-07 (Initial Advisory)
CVE number:  CVE-2018-6970
             
 
1. Summary
 
   Horizon 6, 7, and Horizon Client for Windows updates address a=
n
   out-of-bounds read vulnerability
 
2. Relevant Releases
 
   VMware Horizon 6
   VMware Horizon 7  
   VMware Horizon Client for Windows
      
3. Problem Description

   Horizon 6, 7, and Horizon Client for Windows contain an out-of=

   bounds read vulnerability in the Message Framework library.
   Successfully exploiting this issue may allow a less-privileged=
user
   to leak information from a privileged process running on a sys=
tem
   where Horizon Connection Server, Horizon Agent or Horizon Clie=
nt are
   installed.
   
   Note: This issue doesn=92t apply to Horizon 6, 7 Agents instal=
led on
   Linux systems or Horizon Clients installed on non-Windows syst=
ems.
      
   VMware would like to thank Steven Seeley (mr_me) of Source Inc=
ite
   working with Trend Micro’s Zero Day Initiative for reporting t=
his
   issue to us.

   The Common Vulnerabilities and Exposures project (cve.mitre.or=
g) has
   assigned the identifier CVE-2018-6970 to this issue.

   Column 5 of the following table lists the action required to
   remediate the vulnerability in each release, if a solution is =

   available.

   VMware        Product Runni=
ng           Replace with=
/    Mitigation/
   Product       Version on &n=
bsp;    Severity  Apply patch    &n=
bsp; Workaround
   =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D   =3D=3D=3D=3D=3D=
=3D=3D =3D=3D=3D=3D=3D=3D=3D =3D=3D=3D=3D=3D=3D=3D=3D=3D =3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D    =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
   Horizon 7      7.x.x  Windows Im=
portant     7.5.1      &n=
bsp;    None
   Horizon 6      6.x.x  Windows Im=
portant     6.2.7      &n=
bsp;    None
   Horizon Client 4.x.x  Windows Important   =
  4.8.1           No=
ne
   for Windows    & prior

4. Solution
 
   Please review the patch/release notes for your product and
   version and verify the checksum of your downloaded file.
   
   VMware Horizon 7 version 7.5.1
   Downloads and Documentation:  
   https://my.vmware.com/en/web/vmware/info/slug/
   desktop_end_user_computing/vmware_horizon/7_5
   
   VMware Horizon 6 version 6.2.7  
   Downloads and Documentation:  
   https://my.vmware.com/group/vmware/info?slug=3D
   desktop_end_user_computing/vmware_horizon/6_2
   
   VMware Horizon Client for Windows 4.8.1
   Downloads and Documentation:
   https://my.vmware.com/web/vmware/details?productId=3D
   578&downloadGroup=3DCART19FQ2_WIN_4_8_1
 
 
5. References
 
   https://cve.mitre.org/cgi-bin/cvename.cgi?name=3DCVE-2018-6970=

– ———————————————————————–
 
6. Change log
 
   2018-08-07 VMSA-2018-0019
   Initial security advisory in conjunction with the release of V=
Mware
   Horizon 6 version 6.2.7 and Horizon Client 4.8.1 on 2018-08-07=

– ———————————————————————–
 
7. Contact

   E-mail list for product security notifications and announcemen=
ts:
   http://lists.vmware.com/cgi-bin/mailman/listinfo/security-anno=
unce

   This Security Advisory is posted to the following lists:
   
     security-announce@lists.vmware.com
     bugtraq@securityfocus.com
     fulldisclosure@seclists.org

   E-mail: security@vmware.com
   PGP key at: https://kb.vmware.com/kb/1055

   VMware Security Advisories
   http://www.vmware.com/security/advisories

   VMware Security Response Policy
   https://www.vmware.com/support/policies/security_response.html=

   VMware Lifecycle Support Phases
   https://www.vmware.com/support/policies/lifecycle.html
   
   VMware Security & Compliance Blog
   https://blogs.vmware.com/security

   Twitter
   https://twitter.com/VMwareSRC

   Copyright 2018 VMware Inc.  All rights reserved.

—–BEGIN PGP SIGNATURE—–
Version: Encryption Desktop 10.4.1 (Build 490)
Charset: utf-8

wj8DBQFbadzTDEcm8Vbi9kMRApFhAJ9Al85PjxI81Pf5ZPi8rvQzpiljYACfWYYr
Owvq//va0LudaVYsQLm9+oc=3D
=3DlsWa
—–END PGP SIGNATURE—–

–_000_SN1PR05MB19029F86DF0D43FAE5224EB7B9270SN1PR05MB1902namp_–

–===============4796831091270344117==
Content-Type: text/plain; charset=”us-ascii”
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

_______________________________________________
Security-announce mailing list
Security-announce@lists.vmware.com
https://lists.vmware.com/mailman/listinfo/security-announce

–===============4796831091270344117==–