Today VMware has released the following new security advisory:
The advisory documents remediation for a critical deserialization vulnerability in Oracle JRE, CVE-2016-3427. VCenter Server is one of the affected products however only the local exploit scenario is relevant if the vCenter server patches and versions listed in VMSA-2015-0007 have been deployed. The advisory also documents a host privilege escalation on Workstation and Player, CVE-2016-2077.
Please sign up to the Security-Announce mailing list to receive new and updated VMware Security Advisories.
Customers should review the security advisory and direct any questions to VMware Support.
I am pleased to announce the availability ofVMware STIG Compliance App. Using this app, you can assess, remediate and harden remote *NIX machines in line with STIG (Security Technical Implementation Guide) or any other security configuration benchmark. The app is available as a container image.
The app supports and requires configuration benchmark to be in SCAP 1.2 format and is capable of performing XCCDF or OVAL assessments. The app uses OpenSCAP as the assessment engine and Ansible as the action engine for performing remediation and hardening.