| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <1475813899218.13832@vmware.com>
Date: Fri, 7 Oct 2016 04:18:19 +0000
From: VMware Security Response Center <security@...are.com>
To: "fulldisclosure@...lists.org" <fulldisclosure@...lists.org>,
"bugtraq@...urityfocus.com" <bugtraq@...urityfocus.com>
Subject: [FD] NEW VMSA-2016-0015 - VMware Horizon View updates address
directory traversal vulnerability
?-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- ------------------------------------------------------------------------------
VMware Security Advisory
Advisory ID: VMSA-2016-0015
Severity: Important
Synopsis: VMware Horizon View updates address directory traversal
vulnerability
Issue date: 2016-10-06
Updated on: 2016-10-06 (Initial Advisory)
CVE number: CVE-2016-7087
1. Summary
VMware Horizon View updates address directory traversal vulnerability.
2. Relevant Products
VMware Horizon View
3. Problem Description
VMware Horizon View updates address directory traversal vulnerability
VMware Horizon View contains a vulnerability that may allow for a directory
traversal on the Horizon View Connection Server. Exploitation of this issue
may lead to a partial information disclosure.
VMware would like to thank Mike Arnold (Bruk0ut) working with Trend Micro's
Zero Day Initiative for reporting this issue to us.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the identifier CVE-2016-7087 to this issue.
Column 5 of the following table lists the action required to remediate the
vulnerability in each release, if a solution is available.
VMware Product Running Replace with/
Product Version on Severity Apply Patch Workaround
=================== ======= ======= ========= ============= ==========
VMware Horizon View 7.x Windows Important 7.0.1 None
VMware Horizon View 6.x Windows Important 6.2.3 None
VMware Horizon View 5.x Windows Important 5.3.7 None
4. Solution
Please review the patch/release notes for your product and version and
verify the checksum of your downloaded file.
VMware Horizon View 7.0.1
Downloads and Documentation:
https://my.vmware.com/en/web/vmware/info/slug/desktop_end_user_computing/vmware_horizon/7_0
VMware Horizon View 6.2.3
Downloads and Documentation:
https://my.vmware.com/web/vmware/info/slug/desktop_end_user_computing/vmware_horizon/6_2
VMware Horizon View 5.3.7
Downloads and Documentation:
https://my.vmware.com/web/vmware/info/slug/desktop_end_user_computing/vmware_horizon_with_view/5_3
5. References
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7087
- ------------------------------------------------------------------------
6. Change log
2016-10-06 VMSA-2016-0015 Initial security advisory in conjunction with the
release of VMware Horizon View 5.3.7 on 2016-10-06.
- ------------------------------------------------------------------------
7. Contact
E-mail list for product security notifications and announcements:
http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce
This Security Advisory is posted to the following lists:
security-announce at lists.vmware.com
bugtraq at securityfocus.com
fulldisclosure at seclists.org
E-mail: security at vmware.com
PGP key at: https://kb.vmware.com/kb/1055
VMware Security Advisories
http://www.vmware.com/security/advisories
VMware Security Response Policy
https://www.vmware.com/support/policies/security_response.html
VMware Lifecycle Support Phases
https://www.vmware.com/support/policies/lifecycle.html
Twitter
https://twitter.com/VMwareSRC
Copyright 2016 VMware Inc. All rights reserved.
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org
iEYEARECAAYFAlf2r08ACgkQDEcm8Vbi9kOESACg4jzeuOyzRC9d003QAQvWcqsx
XZ4Amwb1CE+JmZUM/LSl2uBxZQdxEauK
=G7kh
-----END PGP SIGNATURE-----
_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
Powered by blists - more mailing lists