Date: Fri, 26 Jan 2018 18:39:26 +0000
From: VMware Security Response Center <security@...are.com>
To: "oss-security@...ts.openwall.com" <oss-security@...ts.openwall.com>
Subject: Deserialization Vulnerability in VMware Xenon (CVE-2017-4947)

VMware Xenon contains a deserialization vulnerability (CVE-2017-4947) due to insufficient content-type filtering of inbound requests. Successful exploitation of this issue may result in remote code execution.

Fixes/References
--------------
https://github.com/vmware/xenon/commit/092ea98105040e68c6bd0bdf89b86d149dfad1b1

We would like to thank Chris Todd of VMware for reporting this issue.

--------------
Edward Hawkins
Senior Program Manager, Security Response
security@...are.com