[German]VMware has released security updates for its virtualization products VMware Workstation Pro, VMware Player, VMware ESXi and VMware Fusion.
VMware Security Advisory VMSA-2018-0027, dated of 9 November 2018, refers to critical vulnerabilities (CVE-2018-6981, CVE-2018-6982). The VMware ESXi, Workstation, and Fusion updates address an uninitialized stack memory usage vulnerability. This applies to the following products:
- VMware vSphere ESXi (ESXi)
- VMware Workstation Pro / Player (Workstation)
- VMware Fusion Pro, Fusion (Fusion)
VMware ESXi, Fusion and Workstation include an uninitialized stack usage in the virtual network adapter vmxnet3. This vulnerability could allow a guest to execute code on the host. The problem occurs when vmxnet3 is enabled. Non-vmxnet3 virtual adapters are not affected by this issue.
- ESXi 6.7, Patch: ESXi670-201811401-BG
- ESXi 6.5, Patch ESXi650-201811301-BG
- ESXi 6.0, Patch ESXi600-201811401-BG
- Workstation 15.x, Patch 15.0.1
- Workstation 14.x, Patch 14.1.4
- Fusion 11.x (OS X), Patch 11.0.1
- Fusion 10.x (OS X), Patch 10.1.4