VMware Security Advisories

Number: AV16-206
Date: 22 December 2016

Purpose

The purpose of this advisory is to bring attention to security advisories released by VMware.

Assessment

VMware has released product updates addressing security issues for 2 VMware products.

Affected Products:

  • VMware vSphere Hypervisor (ESXi) – this update addresses a cross-site scripting vulnerability found in Versions 5.5 and 6.0 of ESXi and has a severity rating of "Important".
  • vSphere Data Protection (VDP) – this update addresses an SSH key-based authentication vulnerability found in Versions 6.1, 6.0, 5.8 and 5.5 and has a severity rating of "Critical".

CVE References: CVE-2016-7456, CVE-2016-7463

Suggested action

CCIRC recommends that system administrators test and deploy the vendor-released updates to affected applications accordingly.

References

VMware Advisories
https://www.vmware.com/security/advisories/VMSA-2016-0023.html
https://www.vmware.com/security/advisories/VMSA-2016-0024.html
