=====================================================================

                            CERT-Renater

                Information Note No. 2025/VULN744
_____________________________________________________________________

DATE                : 29/10/2025

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running VMware Tanzu products.

=====================================================================
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36258
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36259
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36260
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36261
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36262
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36263
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36264
_____________________________________________________________________

Product Release Advisory - VMware Tanzu GemFire 10.2.0

Product/Component

VMware Tanzu Data Intelligence
VMware Tanzu Data Services Pack
VMware Tanzu Data Suite
VMware Tanzu GemFire

 
Notification Id
36258

Last Updated
28 October 2025

Initial Publication Date
28 October 2025

Status
CLOSED

Severity
HIGH

CVSS Base Score

WorkAround

Affected CVE


Product Release Advisory

Advisory ID:    TNZ-2025-0123

Severity:       High

Issue Date:     2025-10-28

Updated on:     2025-10-28

Synopsis        Bumped multiple dependencies, which resulted in
                  at least 5 CVEs remediated in this release
 

Product Version Release Advisory

    VMware Tanzu GemFire 10.2.0
    https://techdocs.broadcom.com/us/en/vmware-tanzu/data-solutions/tanzu-gemfire/10-2/gf/release_notes.html 


Security Fixes

This release has the following security fixes, listed by
component and area.


Component               Vulnerabilities Resolved

Netty                   CVE-2025-58057 (high)
                        CVE-2025-58056 (high)
                        CVE-2025-55163 (high)
Jetty                   CVE-2025-5115 / BDSA-2025-9581 (medium)
                        CVE-2024-6763 / BDSA-2024-7229 (low)
 
History

2025-10-28: Initial vulnerability report published.


Contact

E-mail: tanzu.psirt@broadcom.com

VMware Tanzu Security Advisories
https://tanzu.vmware.com/security

_____________________________________________________________________

Product Release Advisory - VMware Tanzu GemFire Management Console 1.4.1

Product/Component

VMware Tanzu Data Intelligence
VMware Tanzu Data Services Pack
VMware Tanzu Data Suite
VMware Tanzu GemFire

Notification Id
36259

Last Updated
28 October 2025

Initial Publication Date
28 October 2025

Status
CLOSED

Severity
CRITICAL

CVSS Base Score
9.8


WorkAround

Affected CVE

Product Release Advisory

Advisory ID:       TNZ-2025-0124

Severity:          Critical 

Issue Date:        2025-10-28

Updated on:        2025-10-28

Synopsis           Bumped some dependencies to fix certain CVEs
                    listed below
 

Product Version Release Advisory

    VMware Tanzu GemFire Management Console Release 1.4.1
    https://techdocs.broadcom.com/us/en/vmware-tanzu/data-solutions/tanzu-gemfire-management-console/1-4/gf-mc/release_notes.html


Security Fixes

This release has the following security fixes, listed by
component and area.


Component                           Vulnerabilities Resolved

vmware-gemfire-management-console   CVE-2016-1000027 (Critical)
                                    CVE-2024-6345 (High)
                                    CVE-2025-47273 (High)
                                    CVE-2025-47907 (High)
                                    CVE-2025-53864 (Medium)
                                    CVE-2025-22227 (Medium)
                                    CVE-2025-8869 (Medium)
                                    CVE-2025-11226 (Medium)
                                    CVE-2025-54388 (Medium)
                                    CVE-2025-47906 (Medium)
                                    CVE-2024-12798 (Medium)

 
History

2025-10-28: Initial vulnerability report published.


Contact

E-mail: tanzu.psirt@broadcom.com

VMware Tanzu Security Advisories
https://tanzu.vmware.com/security

_____________________________________________________________________

Product Release Advisory - VMware Tanzu for Valkey 7.2.11
Product/Component

VMware Tanzu Data Intelligence
VMware Tanzu Data Services
VMware Tanzu Data Services Solutions
VMware Tanzu Data Suite
VMware Tanzu for Valkey 

Notification Id
36260

Last Updated
28 October 2025

Initial Publication Date
28 October 2025

Status
CLOSED

Severity
CRITICAL

CVSS Base Score
9.9

WorkAround

Affected CVE


Product Release Advisory

Advisory ID:           TNZ-2025-0125

Severity:              Critical

Issue Date:            October 28, 2025

Updated on:            October 28, 2025

Synopsis               Many critical & high vulnerabilities were found in
                       Valkey 7.2.10, which are addressed in Valkey 7.2.11
 

Product Version Release Advisory

    VMware Tanzu for Valkey
        https://techdocs.broadcom.com/us/en/vmware-tanzu/data-solutions/tanzu-valkey/7-2/tanzu-valkey-docs/release-notes.html 


Security Fixes

This release has the following security fixes, listed by component
and area.


Component                   Vulnerabilities Resolved

Valkey 7.2.10, fixed in Valkey 7.2.11      CVE-2025-49844 (critical)
                                           CVE-2025-46817 (critical)
                                           CVE-2025-46818 (high)
                                           CVE-2025-46819 (high)
                                           CVE-2025-4674 (high)
                                           CVE-2025-7425 (high)
                                           CVE-2025-32415 (high)
                                           CVE-2025-5914 (high)
                                           CVE-2025-47907 (high)
                                           CVE-2025-5222 (high)
                                           CVE-2025-47906 (medium)
                                           CVE-2022-29458 (medium)
                                           CVE-2025-32414 (medium)
                                           CVE-2025-8058 (medium)

 
History

2025-10-28: Initial vulnerability report published.


Contact

E-mail: tanzu.psirt@broadcom.com

VMware Tanzu Security Advisories: https://tanzu.vmware.com/security
_____________________________________________________________________

Product Release Advisory - VMware Tanzu for Valkey 8.0.5

Product/Component

VMware Tanzu Data Intelligence
VMware Tanzu Data Services
VMware Tanzu Data Services Solutions
VMware Tanzu Data Suite
VMware Tanzu for Valkey 


Notification Id
36261

Last Updated
28 October 2025

Initial Publication Date
28 October 2025

Status
CLOSED

Severity
CRITICAL

CVSS Base Score
9.8

WorkAround

Affected CVE

Product Release Advisory

Advisory ID:           TNZ-2025-0126

Severity:              Critical

Issue Date:            October 28, 2025

Updated on:            October 28, 2025

Synopsis               1 critical vulnerability was found in Valkey
                        8.0.4, which is addressed in Valkey 8.0.5
 

Product Version Release Advisory

    VMware Tanzu for Valkey
        https://techdocs.broadcom.com/us/en/vmware-tanzu/data-solutions/tanzu-valkey/8-0/tanzu-valkey-docs/release-notes.html 


Security Fixes

This release has the following security fixes, listed by component
and area.


Component                              Vulnerabilities Resolved

Valkey 8.0.4, fixed in Valkey 8.0.5    CVE-2025-27151 (critical)

 
History

2025-10-28: Initial vulnerability report published.


Contact

E-mail: tanzu.psirt@broadcom.com

VMware Tanzu Security Advisories: https://tanzu.vmware.com/security
_____________________________________________________________________

Product Release Advisory - VMware Tanzu for Valkey 8.0.6

Product/Component

VMware Tanzu Data Intelligence
VMware Tanzu Data Services
VMware Tanzu Data Services Solutions
VMware Tanzu Data Suite
VMware Tanzu for Valkey 

Notification Id
36262

Last Updated
28 October 2025

Initial Publication Date
28 October 2025

Status
CLOSED

Severity
CRITICAL

CVSS Base Score
9.9

WorkAround

Affected CVE


Product Release Advisory

Advisory ID:            TNZ-2025-0127

Severity:               Critical

Issue Date:             October 28, 2025

Updated on:             October 28, 2025

Synopsis                A few critical and high vulnerabilities were found
                        in Valkey 8.0.5, which are addressed in Valkey
                        8.0.6
 

Product Version Release Advisory

    VMware Tanzu for Valkey
        https://techdocs.broadcom.com/us/en/vmware-tanzu/data-solutions/tanzu-valkey/8-0/tanzu-valkey-docs/release-notes.html 


Security Fixes

This release has the following security fixes, listed by component
and area.


Component                               Vulnerabilities Resolved

Valkey 8.0.5, fixed in Valkey 8.0.6     CVE-2025-49844 (critical)
                                        CVE-2025-46817 (critical)
                                        CVE-2025-46818 (high)
                                        CVE-2025-46819 (high)
                                        CVE-2025-4674 (high)
                                        CVE-2025-7425 (high)
                                        CVE-2025-32415 (high)
                                        CVE-2025-5914 (high)
                                        CVE-2025-47907 (high)
                                        CVE-2025-5222 (high)
                                        CVE-2025-47906 (medium)
                                        CVE-2022-29458 (medium)
                                        CVE-2025-32414 (medium)
                                        CVE-2025-8058 (medium)

 
History

2025-10-28: Initial vulnerability report published.


Contact

E-mail: tanzu.psirt@broadcom.com

VMware Tanzu Security Advisories: https://tanzu.vmware.com/security
_____________________________________________________________________

Product Release Advisory - VMware Tanzu for Valkey 8.1.4

Product/Component

VMware Tanzu Data Intelligence
VMware Tanzu Data Services
VMware Tanzu Data Services Solutions
VMware Tanzu Data Suite
VMware Tanzu for Valkey 

Notification Id
36263

Last Updated
28 October 2025

Initial Publication Date
28 October 2025

Status
CLOSED

Severity
CRITICAL

CVSS Base Score
9.9


WorkAround

Affected CVE

Product Release Advisory


Advisory ID:        TNZ-2025-0128

Severity:           Critical

Issue Date:         October 28, 2025

Updated on:         October 28, 2025

Synopsis            Many critical & high vulnerabilities were
                    found in Valkey 8.1.3, which are addressed
                    in Valkey 8.1.4

 
Product Version Release Advisory

    VMware Tanzu for Valkey
        https://techdocs.broadcom.com/us/en/vmware-tanzu/data-solutions/tanzu-valkey/8-1/tanzu-valkey-docs/release-notes.html 


Security Fixes

This release has the following security fixes, listed by component
and area.


Component                      Vulnerabilities Resolved

Valkey 8.1.3, fixed in Valkey 8.1.4  CVE-2025-49844 (critical)
                                     CVE-2025-46817 (critical)
                                     CVE-2025-46818 (high)
                                     CVE-2025-46819 (high)
                                     CVE-2025-4674 (high)
                                     CVE-2025-7425 (high)
                                     CVE-2025-32415 (high)
                                     CVE-2025-5914 (high)
                                     CVE-2025-47907 (high)
                                     CVE-2025-5222 (high)
                                     CVE-2025-47906 (medium)
                                     CVE-2022-29458 (medium)
                                     CVE-2025-32414 (medium)
                                     CVE-2025-8058 (medium)

 
History

2025-10-28: Initial vulnerability report published.


Contact

E-mail: tanzu.psirt@broadcom.com

VMware Tanzu Security Advisories: https://tanzu.vmware.com/security
_____________________________________________________________________

Product Release Advisory - VMware Tanzu for Valkey on Kubernetes 3.2.0

Product/Component

VMware Tanzu Data Intelligence
VMware Tanzu Data Services
VMware Tanzu Data Services Solutions
VMware Tanzu Data Suite
VMware Tanzu for Valkey 

Notification Id
36264

Last Updated
28 October 2025

Initial Publication Date
28 October 2025

Status
CLOSED

Severity
CRITICAL

CVSS Base Score
9.9

WorkAround

Affected CVE

Product Release Advisory


Advisory ID:          TNZ-2025-0129

Severity:             Critical

Issue Date:           October 28, 2025

Updated on:           October 28, 2025

Synopsis              Many critical & high vulnerabilities were found in
                      Valkey for Kubernetes 3.1.0, which are addressed in
                      Valkey for Kubernetes 3.2.0
 

Product Version Release Advisory

    VMware Tanzu for Valkey on Kubernetes
        https://techdocs.broadcom.com/us/en/vmware-tanzu/data-solutions/tanzu-for-valkey-on-kubernetes/3-2/valkey-on-kubernetes/release-notes.html


Security Fixes

This release has the following security fixes, listed by component and
area.


Component                             Vulnerabilities Resolved

Valkey 3.1.0, fixed in Valkey 3.2.0   CVE-2025-49844 (critical)
                                      CVE-2025-46817 (critical)
                                      CVE-2025-46818 (high)
                                      CVE-2025-46819 (high)
                                      CVE-2025-4674 (high)
                                      CVE-2025-7425 (high)
                                      CVE-2025-32415 (high)
                                      CVE-2025-5914 (high)
                                      CVE-2025-47907 (high)
                                      CVE-2025-5222 (high)
                                      CVE-2025-47906 (medium)
                                      CVE-2022-29458 (medium)
                                      CVE-2025-32414 (medium)
                                      CVE-2025-8058 (medium)

 
History

2025-10-28: Initial vulnerability report published.


Contact

E-mail: tanzu.psirt@broadcom.com

VMware Tanzu Security Advisories: https://tanzu.vmware.com/security


=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================




