VMware Product Updates Address Critical Information Disclosure Issue In JRE

Published: 2015-04-04
Last Updated: 2015-04-04 08:51:05 UTC
by Didier Stevens (Version: 1)
2 comment(s)

VMSA-2015-0003

Oracle JRE is updated in VMware products to address a critical security issue that existed in earlier releases of Oracle JRE.

VMware products running JRE 1.7 Update 75 or newer and JRE 1.6 Update 91 or newer are not vulnerable to CVE-2014-6593, as documented in the Oracle Java SE Critical Patch Update Advisory of January 2015.

Keywords: update vmware
2 comment(s)

Comments

https://www.smacktls.com/#skip the original issue in question. plus https://access.redhat.com/security/cve/CVE-2014-6593

if I'm not mistaken the main threat here is active MITM
if you access these via the internet - high severity is probably warranted.
for some of them, they should only be accessible via a trusted management network, in which case - it's a bit meh.
> 4 decades ago

Errrrr

Diary Archives