VMware has released updates to address critical information disclosure vulnerability in the Oracle’s Java runtime environment (JRE).The update essentially installs the latest version of JRE into VMware systems where the old version of JRE was affected by CVE-2014-6593. The newer JRE versions fix other bugs as well, but the Full Disclosure entry for VMware is only concerned with CVE-2014-6593, which could allow information disclosure inside certain VMware environments. VMware products operating on JRE 1.7 update 75 and newer and JRE 1.6 update 91 and newer are not impacted by this vulnerability.
VMware Security Advisories
The information provided herein is on "as is" basis, without warranty of any kind.
Mauritian Computer Emergency Response Team (CERT-MU)
National Computer Board
7th Floor, Stratton Court
La Poudriere Street