Monthly Archives: May 2016

New VMware Security Advisory VMSA-2016-0006 and Updated Advisories

Today VMware has released the following new and updated security advisories:

New: VMSA-2016-0006

Updated: VMSA-2015-0007.5, VMSA-2016-0005.1

The new advisory addresses an important cross-site scripting issue in the vSphere Web Client, CVE-2016-2078. The issue is present on the server side when vCenter Server is running on Windows.

Please sign up to the Security-Announce mailing list to receive new and updated VMware Security Advisories.

Customers should review the security advisories and direct any questions to VMware Support.

New VMware Security Advisory VMSA-2016-0005

Today VMware has released the following new security advisory:

New: VMSA-2016-0005

The advisory documents remediation for a critical deserialization vulnerability in Oracle JRE, CVE-2016-3427. vCenter Server is one of the affected products; however, only the local exploit scenario is relevant if the vCenter Server patches and versions listed in VMSA-2015-0007 have been deployed. The advisory also documents a host privilege escalation on Workstation and Player, CVE-2016-2077.

Please sign up to the Security-Announce mailing list to receive new and updated VMware Security Advisories.

Customers should review the security advisory and direct any questions to VMware Support.

VMware releases STIG Compliance App for FREE

Hello Everyone,

I am pleased to announce the availability of the VMware STIG Compliance App. Using this app, you can assess, remediate and harden remote *NIX machines in line with a STIG (Security Technical Implementation Guide) or any other security configuration benchmark. The app is available as a container image.

The app supports, and requires, configuration benchmarks in SCAP 1.2 format and can perform XCCDF or OVAL assessments. It uses OpenSCAP as the assessment engine and Ansible as the action engine for remediation and hardening.
