Date: Fri, 26 Jan 2018 18:39:26 +0000
From: VMware Security Response Center <security@...are.com>
To: "oss-security@...ts.openwall.com" <oss-security@...ts.openwall.com>
Subject: Deserialization Vulnerability in VMware Xenon (CVE-2017-4947)

VMware Xenon contains a deserialization vulnerability (CVE-2017-4947) due to
insufficient content-type filtering of inbound requests. Successful
exploitation of this issue may result in remote code execution.

Fixes/References
--------------
https://github.com/vmware/xenon/commit/092ea98105040e68c6bd0bdf89b86d149dfad1b1

We would like to thank Chris Todd of VMware for reporting this issue.

--------------
Edward Hawkins
Senior Program Manager, Security Response
security@...are.com