SACK (Selective Acknowledgement) Linux kernal and L1 Terminal fault vulnerabilities have been disclosed and there were pending patches for few VMware products. Recently, VMware has released two security advisories to secure its customer’s environments from SACK (Selective Acknowledgement). VMSA-2019-0010.1 was released to address Linux kernel vulnerabilities in TCP Selective Acknowledgement (SACK) (CVE-2019-11477, CVE-2019-11478) and Operating System-Specific Mitigations address L1 Terminal Fault – OS vulnerability (VMSA-2018-0021.2) in VMware Virtual Appliances.
Updates For Operating System-Specific Mitigations L1 Terminal Fault – OS vulnerability
This vulnerability may lead to local information disclosure of sensitive information and all unaffected products are displayed in VMware Knowledge Base article 55807.
These patches were released to address the above vulnerability
|VMware Product And Version||Patch To Be Applied|
|Identity Manager (vIDM) 3.x, 2.x||19.03|
|VMware vCenter Server Appliance 6.7||6.7u1|
|VMware vCenter Server Appliance 6.5||6.5u2d|
|VMware vCenter Server Appliance 6.0||6.0u3i|
|vSphere Data Protection (VDP) 6.x||6.1.11|
|vSphere Integrated Containers (VIC) 1.x||1.4.3|
|vRealize Automation 6.x, 7.x||7.5.0|
Patches For Linux Kernel Vulnerabilities in TCP Selective Acknowledgement (SACK)
These disclosed security vulnerabilities may allows a malicious code to execute a Denial of Service Attack against many Products. You can find all the affected products in this article.
VMware released patches to address the vulnerability for few products.
|VMware Product And Version||Patches To Be Applied|
|SD-WAN Edge by VeloCloud||3.3.0|
|SD-WAN Gateway by VeloCloud||3.3.0|
|SD-WAN Orchestrator by VeloCloud||3.3.0|
|Unified Access Gateway||3.6|
|vCenter Server Appliance 6.7||6.7u2c|
|vCenter Server Appliance 6.5||6.5u3|
If you have above versions running in your environment, it’s time for you to update your VMware Product Versions.