=====================================================================
                            CERT-Renater

                 Information Note No. 2025/VULN436
_____________________________________________________________________

DATE                 : 10/07/2025

HARDWARE PLATFORM(S) : /

OPERATING SYSTEM(S)  : Systems running VMware Tanzu Data Suite,
                       VMware Tanzu Greenplum,
                       VMware Tanzu Greenplum / Gemfire.

=====================================================================
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35894
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35929
_____________________________________________________________________

Product Release Advisory - VMware Tanzu Greenplum 7.5.0

Product/Component:
    VMware Tanzu Data Suite
    VMware Tanzu Greenplum
    VMware Tanzu Greenplum / Gemfire

Notification Id          : 35894
Last Updated             : 09 July 2025
Initial Publication Date : 09 July 2025
Status                   : OPEN
Severity                 : CRITICAL
CVSS Base Score          : 9.8
WorkAround               :
Affected CVE             : See the list in advisory

Security Advisory

Advisory ID : TNZ-2025-0031
Severity    : Critical
Issue Date  : July 9, 2025
Updated on  : July 9, 2025

Synopsis

VMware Tanzu Greenplum 7.5.0 addresses the following security vulnerabilities.

Product Version  : VMware Tanzu Greenplum 7.5.0
Release Advisory : https://techdocs.broadcom.com/us/en/vmware-tanzu/data-solutions/tanzu-greenplum/7/greenplum-database/relnotes-release-notes.html#release-7.5.0

Security Fixes

This release has the following security fixes, listed by component and area.

Component / Vulnerabilities Resolved

Greenplum Server
    CVE-2025-1094 (high)
    CVE-2024-10979 (high)
    CVE-2024-7348 (high)
    CVE-2023-2455 (medium)
    CVE-2023-5870 (medium)
    CVE-2024-10976 (medium)
    CVE-2024-10978 (medium)
    CVE-2022-41862 (low)
    CVE-2024-10977 (low)

PL/Container Python3 Image
    GHSA-f73w-4m7g-ch9x (critical)
    CVE-2024-3596 (critical)
    CVE-2023-37920 (critical)
    GHSA-q2x7-8rv6-6q7h (medium)
    GHSA-4vmg-rw8f-92f9 (critical)

PL/Container R Image
    CVE-2022-42967 (critical)
    CVE-2023-37920 (critical)
    CVE-2024-3596 (critical)

DataSciencePython3.11
    GHSA-x4wf-678h-2pmq (critical)
    GHSA-f73w-4m7g-ch9x (critical)
    GHSA-4vmg-rw8f-92f9 (critical)

Cluster Management - Go standard library
    CVE-2025-22871 (medium)

History

2025-07-9: Initial vulnerability report published.

Contact

E-mail: tanzu.psirt@broadcom.com
VMware Tanzu Security Advisories: https://tanzu.vmware.com/security
_____________________________________________________________________

Product Release Advisory - VMware Tanzu GemFire 9.15.16

Product/Component:
    VMware Tanzu Data Suite
    VMware Tanzu Gemfire
    VMware Tanzu Greenplum / Gemfire

Notification Id          : 35929
Last Updated             : 09 July 2025
Initial Publication Date : 09 July 2025
Status                   : CLOSED
Severity                 : MEDIUM
CVSS Base Score          :
WorkAround               :
Affected CVE             :

Product Release Advisory

Advisory ID : TNZ-2025-0042
Severity    : Medium
Issue Date  : 2025-07-09
Updated on  : 2025-07-09

Synopsis

Bumped multiple dependencies, which resulted in at least 2 CVEs remediated in this release.

Product Version  : VMware Tanzu GemFire 9.15.16
Release Advisory : https://techdocs.broadcom.com/us/en/vmware-tanzu/data-solutions/tanzu-gemfire/9-15/gf/release_notes.html

Security Fixes

This release has the following security fixes, listed by component and area.

Component / Vulnerabilities Resolved

Spring
    CVE-2025-22233 (low)

DOMPurify
    CVE-2025-26791 (medium)

History

2025-07-09: Initial vulnerability report published.

Contact

E-mail: tanzu.psirt@broadcom.com
VMware Tanzu Security Advisories: https://tanzu.vmware.com/security

=========================================================
+ CERT-RENATER        | tel : 01-53-94-20-44            +
+ 23/25 Rue Daviel    | fax : 01-53-94-20-41            +
+ 75013 Paris         | email:cert@support.renater.fr   +
=========================================================