Updates on technologies, trends, and tools

VMware Patches Critical Vulnerabilities

VMware has patched (https://nakedsecurity.sophos.com/2019/04/02/vmware-patches-pwn2own-flaws/) five critical vulnerabilities in its products. The affected products/families include vSphere ESXi, VMware Workstation Pro/Player, and VMware Fusion Pro/Fusion.

A team of hackers called Fluoroacetate demonstrated exploitation of two flaws at the CanSecWest cybersecurity conference, which took place in Canada.

The demonstration exploited two flaws: an out-of-bounds read/write vulnerability and a time-of-check/time-of-use (TOCTOU) vulnerability in the virtual universal host controller interface used by ESXi, Workstation, and Fusion.

"An attacker must have access to a virtual machine with a virtual USB controller present," said VMware in a security advisory, adding that the flaws could allow a guest VM to execute code on the host system. The good news is that an attacker needs this access to a virtual machine with a virtual USB controller present to execute code on the host system.

Two other issues allow code execution on the host from a guest. The fifth vulnerability, which affects the Fusion product, allows unauthenticated application programming interface (API) access to an application menu through a web socket.

If you use any of these VMware products, please update them now.
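
To prioritize patching, it helps to know which guests meet the precondition the advisory names, a virtual USB controller present. The following Python check is an added example, not code from the article or from VMware; the key names `usb.present`, `ehci.present`, and `usb_xhci.present` and their controller mapping are assumptions about the .vmx format, and the sample configuration is constructed.

```python
"""Report VMs whose .vmx configuration enables a virtual USB controller."""
import re
import sys
from pathlib import Path

# Assumed .vmx keys for virtual USB controllers (not taken from the article):
# usb.present (USB 1.1, UHCI), ehci.present (USB 2.0), usb_xhci.present (USB 3.x).
USB_KEYS = {"usb.present": "UHCI", "ehci.present": "EHCI", "usb_xhci.present": "xHCI"}

# A .vmx line has the form: key = "value"
LINE_RE = re.compile(r'^\s*([A-Za-z0-9_.:\-]+)\s*=\s*"(.*)"\s*$')


def usb_controllers(vmx_text):
    """Return the sorted names of USB controllers enabled in one .vmx file."""
    enabled = {}
    for line in vmx_text.splitlines():
        if line.lstrip().startswith("#"):  # skip comment lines
            continue
        m = LINE_RE.match(line)
        if not m:
            continue
        key, value = m.group(1).lower(), m.group(2).strip().lower()
        if key in USB_KEYS:
            # If a key repeats, the last assignment wins here (a simplification).
            enabled[USB_KEYS[key]] = value == "true"
    return sorted(name for name, on in enabled.items() if on)


def scan(root):
    """Map each .vmx path under root to its enabled USB controllers."""
    report = {}
    for path in sorted(Path(root).rglob("*.vmx")):
        found = usb_controllers(path.read_text(errors="replace"))
        if found:
            report[str(path)] = found
    return report


# Constructed sample configuration, not a real VM.
SAMPLE_VMX = '''.encoding = "UTF-8"
displayName = "build-agent-01"
usb.present = "TRUE"
ehci.present = "FALSE"
# usb_xhci.present = "TRUE"
'''

if __name__ == "__main__":
    if len(sys.argv) > 1:
        for vmx, controllers in scan(sys.argv[1]).items():
            print(f"{vmx}: {', '.join(controllers)}")
    else:
        print(usb_controllers(SAMPLE_VMX))
```

Run with a VM directory as the only argument to list every .vmx file that enables a USB controller; with no argument it evaluates the constructed sample.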

More Online

Linux Magazine


Linux Administration Focus


Network Sleuth * Ken Hess

When it comes to network recon, arp-scan allows you to collect device intel quickly and stealthily.

The Eye of Sauron * Mayank Sharma

Use Zabbix to keep tabs on all your machines across the network.



OpenMP * Jeff Layton

The HPC world is racing toward Exascale, resulting in systems with a very large number of cores and accelerators.

Porting Code to OpenACC * Jeff Layton

In previous articles, I talked about how OpenACC can help you parallelize your code and gave a few simple examples of how to use OpenACC directives, but I didn't discuss how to go about porting your code.

ADMIN Online


Web Perfect * Andreas Möller

Web Components let you define your own HTML tags to restructure monolithic web pages into smaller services and simplify maintenance and servicing.

Mesh Design * Abe Sharp

Enable free service mesh functionality on your Kubernetes microservice apps with Istio.

Cloud Creator * Grzegorz Juszczak

Today's OpenStack has become a mature product with automated asset configuration tools, including cloud-init, a powerful script that saves time by automatically configuring a large number of virtual servers in the cloud.
