Today VMware has released the following new security advisory:
The advisory documents remediation for a critical deserialization vulnerability in Oracle JRE, CVE-2016-3427. VCenter Server is one of the affected products however only the local exploit scenario is relevant if the vCenter server patches and versions listed in VMSA-2015-0007 have been deployed. The advisory also documents a host privilege escalation on Workstation and Player, CVE-2016-2077.
Please sign up to the Security-Announce mailing list to receive new and updated VMware Security Advisories.
Customers should review the security advisory and direct any questions to VMware Support.