
Two Security Advisories For SACK And L1 Terminal Fault From VMware

The SACK (Selective Acknowledgement) Linux kernel vulnerabilities and the L1 Terminal Fault vulnerability have been disclosed, and patches were still pending for a few VMware products. VMware has recently released two security advisories to help customers secure their environments. VMSA-2019-0010.1 addresses the Linux kernel vulnerabilities in TCP Selective Acknowledgement (SACK) (CVE-2019-11477, CVE-2019-11478), and VMSA-2018-0021.2 covers the operating-system-specific mitigations for the L1 Terminal Fault – OS vulnerability in VMware virtual appliances.

Updates For Operating System-Specific Mitigations L1 Terminal Fault – OS vulnerability

This vulnerability may lead to local disclosure of sensitive information. All unaffected products are listed in VMware Knowledge Base article 55807.

The following patches were released to address the above vulnerability:

| VMware Product And Version | Patch To Be Applied |
|---|---|
| Identity Manager (vIDM) 3.x, 2.x | 19.03 |
| VMware vCenter Server Appliance 6.7 | 6.7u1 |
| VMware vCenter Server Appliance 6.5 | 6.5u2d |
| VMware vCenter Server Appliance 6.0 | 6.0u3i |
| vSphere Data Protection (VDP) 6.x | 6.1.11 |
| vSphere Integrated Containers (VIC) 1.x | 1.4.3 |
| vRealize Automation 6.x, 7.x | 7.5.0 |

Patches For Linux Kernel Vulnerabilities in TCP Selective Acknowledgement (SACK)

These disclosed security vulnerabilities may allow malicious code to execute a denial-of-service attack against many products. You can find all the affected products in this article.

VMware has released patches that address the vulnerability in a few products:

| VMware Product And Version | Patches To Be Applied |
|---|---|
| AppDefense | 2.2.1 |
| SD-WAN Edge by VeloCloud | 3.3.0 |
| SD-WAN Gateway by VeloCloud | 3.3.0 |
| SD-WAN Orchestrator by VeloCloud | 3.3.0 |
| Unified Access Gateway | 3.6 |
| vCenter Server Appliance 6.7 | 6.7u2c |
| vCenter Server Appliance 6.5 | 6.5u3 |

If you have any of the above versions running in your environment, it’s time to update your VMware products.

Aruna Lakmal

Associate Technical Specialist at Pearson, Sri Lanka. Technology junkie, enthusiast, VMware vExpert and blogger with more than 7 years of experience in Information Technology, focusing mainly on VMware Virtualization, Microsoft and Datacenter Technologies.
