Alert GCSA-24067 - Aggiornamento di sicurezza per VMware Workstation e Fusion
******************************************************************
Alert ID: GCSA-24067
data: 15 maggio 2024
titolo: Aggiornamento di sicurezza per VMware Workstation e Fusion
******************************************************************
:: Descrizione del problema
Sono state rilasciate nuove versioni dei prodotti in oggetto
con le quali vengono risolte 4 vulnerabilita' di sicurezza,
tre di livello alto e una di livello critico (CVE-2024-22267).
Maggiori informazioni sono disponibili alla sezione "Riferimenti".
:: Software interessato
VMware Workstation Pro 17.x
VMware Workstation Player 17.x
VMware Fusion 13.x
:: Impatto
Esecuzione remota di codice arbitrario (RCE)
Denial of Service (DoS)
:: Soluzioni
Aggiornare alla versione piu' recente:
VMware Workstation Pro 17.5.2
VMware Workstation Player 17.5.2
VMware Fusion 13.5.2
:: Riferimenti
Broadcom Security Advisories - VMSA-2024-0010
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24280
The Hacker News
https://thehackernews.com/2024/05/vmware-patches-severe-security-flaws-in.html
Bleeping Computer
https://www.bleepingcomputer.com/news/security/vmware-fixes-three-zero-day-bugs-exploited-at-pwn2own-2024/
SecurityWeek
https://www.securityweek.com/vmware-patches-vulnerabilities-exploited-at-pwn2own-2024/
Riferimenti CVE
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-22267
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-22268
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-22269
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-22270
GARR CERT Security Alert - subscribe/unsubscribe:
http://www.cert.garr.it/alert/ricevi-gli-alert-di-cert
-----BEGIN PGP SIGNATURE-----
iGsEAREIACsWIQTGpdiR5MqstacBGHbBnEyTZRJgQgUCZkRy/g0cY2VydEBnYXJy
Lml0AAoJEMGcTJNlEmBCKJUAn06Y7lwPK6swFw0hoKSJCf9viEb+AJ9TkG5+/Upp
CYgmtCAa9OjasO8lhw==
=k0By
-----END PGP SIGNATURE-----
Alert ID: GCSA-24067
data: 15 maggio 2024
titolo: Aggiornamento di sicurezza per VMware Workstation e Fusion
******************************************************************
:: Descrizione del problema
Sono state rilasciate nuove versioni dei prodotti in oggetto
con le quali vengono risolte 4 vulnerabilita' di sicurezza,
tre di livello alto e una di livello critico (CVE-2024-22267).
Maggiori informazioni sono disponibili alla sezione "Riferimenti".
:: Software interessato
VMware Workstation Pro 17.x
VMware Workstation Player 17.x
VMware Fusion 13.x
:: Impatto
Esecuzione remota di codice arbitrario (RCE)
Denial of Service (DoS)
:: Soluzioni
Aggiornare alla versione piu' recente:
VMware Workstation Pro 17.5.2
VMware Workstation Player 17.5.2
VMware Fusion 13.5.2
:: Riferimenti
Broadcom Security Advisories - VMSA-2024-0010
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24280
The Hacker News
https://thehackernews.com/2024/05/vmware-patches-severe-security-flaws-in.html
Bleeping Computer
https://www.bleepingcomputer.com/news/security/vmware-fixes-three-zero-day-bugs-exploited-at-pwn2own-2024/
SecurityWeek
https://www.securityweek.com/vmware-patches-vulnerabilities-exploited-at-pwn2own-2024/
Riferimenti CVE
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-22267
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-22268
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-22269
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-22270
GARR CERT Security Alert - subscribe/unsubscribe:
http://www.cert.garr.it/alert/ricevi-gli-alert-di-cert
-----BEGIN PGP SIGNATURE-----
iGsEAREIACsWIQTGpdiR5MqstacBGHbBnEyTZRJgQgUCZkRy/g0cY2VydEBnYXJy
Lml0AAoJEMGcTJNlEmBCKJUAn06Y7lwPK6swFw0hoKSJCf9viEb+AJ9TkG5+/Upp
CYgmtCAa9OjasO8lhw==
=k0By
-----END PGP SIGNATURE-----