Home > Blogs > VMware Security & Compliance Blog > Monthly Archives: July 2015

Monthly Archives: July 2015

VMware Products and CVE-2015-1793

On July 9th 2015, the OpenSSL project released a Security Advisory. This advisory contained 1 security issue (CVE-2015-1793), which was given a severity rating of “high”.

The advisory lists OpenSSL 1.0.1n, 1.0.1o, 1.0.2b and 1.0.2c as being affected by this issue. These updates were released in June 2015.

VMware Security Response Center (vSRC) has investigated this issue and we can confirm that we have not shipped any products with these versions of OpenSSL. We can also confirm that our service offerings do not use them.

We have issued VMware Knowledge Base article 2124931 on this.

VMware has put safeguards in place to ensure upcoming product released will not ship with these versions of OpenSSL.

New VMware Security Advisory VMSA-2015-0005

Today VMware has released the following new advisory

VMSA-2015-0005

This addresses an issue in VMware Workstation, Player and Horizon View Client for Windows that may lead to a host privilege escalation.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifier CVE-2015-3650 to this issue.