VMware Patches 47 Vulnerabilities in VMware Tanzu Greenplum Backup & Components


Apr 9, 2025 - 17:09

VMware has released critical security updates to address 47 vulnerabilities across multiple VMware Tanzu Greenplum products, including 29 issues in VMware Tanzu Greenplum Backup and Restore and 18 bugs in various components of VMware Tanzu Greenplum. 

The security advisories, published on April 7, 2025, include patches for vulnerabilities with CVSS scores as high as 9.8, indicating critical severity levels that require immediate attention from organizations using these products.

Significant Security Vulnerabilities Addressed

Among the 29 vulnerabilities in VMware Tanzu Greenplum Backup and Restore, several are classified as critical, including CVE-2023-39320, CVE-2024-24790, and GHSA-v778-237x-gjrc. 

CVE-2023-39320 and CVE-2024-24790 are critical vulnerabilities (CVSS 9.8) likely involving privilege escalation or remote code execution risks in backup operations. 

GHSA-v778-237x-gjrc addresses a critical authorization bypass in Go's golang.org/x/crypto module (versions <0.31.0), where improper handling of SSH server public key callbacks could let attackers gain unauthorized access by testing multiple keys.
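To make the callback misuse concrete, here is an added example that is not code from the article, from VMware, or from the golang.org/x/crypto project. It is a stand-in model written for this page: `Permissions`, `AuthServer` and the per-key cache are simplified assumptions that imitate how an SSH server consults an application-supplied public-key callback, not the real library's types. The SSH protocol lets a client ask whether a key would be accepted before proving possession of it, so the callback can be invoked for keys the client never signs with. The model contrasts an application that remembers the last key the callback saw (the vulnerable pattern) with one that uses the permissions attached to the key that actually produced a valid signature.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/hex"
	"errors"
	"fmt"
)

// Permissions stands in for the permissions struct an application returns
// from its public-key callback (assumption: simplified stand-in, not x/crypto).
type Permissions struct {
	Extensions map[string]string
}

// keyID gives a stable identifier for a public key (hex of the raw key bytes).
func keyID(pub ed25519.PublicKey) string { return hex.EncodeToString(pub) }

// AuthServer models the server side of SSH public-key user authentication.
type AuthServer struct {
	authorized map[string]string // key id -> account the key belongs to

	// LastCallbackUser is the vulnerable integration pattern: the application
	// remembers whichever key the callback saw most recently and later treats
	// it as the authenticated identity.
	LastCallbackUser string

	// cache mirrors a library memoising callback results per key, so a key
	// that was already queried is not passed to the callback a second time.
	cache map[string]*Permissions
}

func NewAuthServer(authorized map[string]string) *AuthServer {
	return &AuthServer{authorized: authorized, cache: map[string]*Permissions{}}
}

// publicKeyCallback is the hook an application supplies: it decides whether a
// key is acceptable and returns the permissions that key should carry.
func (s *AuthServer) publicKeyCallback(pub ed25519.PublicKey) (*Permissions, error) {
	user, ok := s.authorized[keyID(pub)]
	if !ok {
		return nil, errors.New("key not authorized")
	}
	s.LastCallbackUser = user // the mistake: callback order is not proof of possession
	return &Permissions{Extensions: map[string]string{"user": user}}, nil
}

func (s *AuthServer) cachedCallback(pub ed25519.PublicKey) (*Permissions, error) {
	id := keyID(pub)
	if p, ok := s.cache[id]; ok {
		return p, nil
	}
	p, err := s.publicKeyCallback(pub)
	if err != nil {
		return nil, err
	}
	s.cache[id] = p
	return p, nil
}

// QueryKey models the client asking whether a key would be accepted. The
// protocol allows this without a signature, so it proves nothing.
func (s *AuthServer) QueryKey(pub ed25519.PublicKey) bool {
	_, err := s.cachedCallback(pub)
	return err == nil
}

// Authenticate models the signed request. Only here is possession proven, and
// the Permissions bound to the session are the ones returned for this key.
func (s *AuthServer) Authenticate(pub ed25519.PublicKey, sessionID, sig []byte) (*Permissions, error) {
	perms, err := s.cachedCallback(pub)
	if err != nil {
		return nil, err
	}
	if !ed25519.Verify(pub, sessionID, sig) {
		return nil, errors.New("signature does not verify")
	}
	return perms, nil
}

// Scenario runs the multi-key sequence the article describes: two authorized
// keys are offered for acceptance, then the client proves possession of only
// the first. It returns the identity each integration pattern would assign.
func Scenario() (vulnerable, correct string, err error) {
	pubA, privA, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return "", "", err
	}
	pubB, _, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return "", "", err
	}
	srv := NewAuthServer(map[string]string{keyID(pubA): "alice", keyID(pubB): "bob"})
	sessionID := []byte("constructed-session-id") // constructed sample, not real SSH session data

	srv.QueryKey(pubA)
	srv.QueryKey(pubB)
	perms, err := srv.Authenticate(pubA, sessionID, ed25519.Sign(privA, sessionID))
	if err != nil {
		return "", "", err
	}
	return srv.LastCallbackUser, perms.Extensions["user"], nil
}

func main() {
	v, c, err := Scenario()
	if err != nil {
		panic(err)
	}
	fmt.Printf("last-callback pattern says %q, session permissions say %q\n", v, c)
}
```

The point for an integrator is that the only trustworthy identity is the permissions object the library binds to the session after signature verification; any bookkeeping done inside the callback itself records which keys were offered, not which key signed.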

High-severity issues such as CVE-2025-22866 and CVE-2023-44487 were also patched in this release.

CVE-2025-22866 affects VMware Tanzu Platform for Cloud Foundry’s networking components, including cf-networking and silk, which could enable unauthorized network access or data interception in isolation segments.

CVE-2023-44487, an HTTP/2 protocol flaw (CVSS 7.5), allows denial-of-service attacks via rapid stream resets, potentially overwhelming servers with resource consumption.

The security update for Tanzu Greenplum 6.29.0 addresses 18 vulnerabilities across multiple components, with critical flaws identified in PL/Container Python3 Image (GHSA-f73w-4m7g-ch9x and CVE-2024-3596) and DataSciencePython3.9 (GHSA-x4wf-678h-2pmq).

The vulnerabilities span numerous components, potentially exposing systems to various attack vectors. 

The Greenplum Platform Extensions Framework contains two critical vulnerabilities (CVE-2024-47561 and CVE-2018-1282) that could lead to significant security breaches if left unpatched.

CVE-2024-47561 is a critical vulnerability in the Java SDK of Apache Avro (versions up to 1.11.3) that allows attackers to execute arbitrary code via deserialization of untrusted data during schema parsing.

CVE-2018-1282 is a critical SQL injection vulnerability in the Apache Hive JDBC driver (versions 0.7.1 to 2.3.2). 

Users implementing backup operations with the gpbackup utility should note that version 1.31.0 introduces crucial fixes, particularly for privilege statement syntax issues on Greenplum 7 procedures. The command:

now operates with enhanced security when performing incremental backups on affected systems.

The Broadcom security advisory confirms the security updates for VMware Tanzu Greenplum (versions prior to 6.29.0), VMware Tanzu Greenplum Backup and Restore (versions prior to 1.31.0), and VMware Tanzu Greenplum Platform Extension Framework (versions prior to 6.11.1).
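A practical first step for administrators is to check an installed-version inventory against the fixed versions just listed. The following is an added example written for this page, not a tool from VMware, Broadcom or the article; the inventory in `main` is constructed sample data, and the product names are assumed to match the advisory's wording exactly. It compares versions numerically, component by component, because a plain string comparison would wrongly rank 6.9.0 above 6.11.1.

```go
package main

import (
	"fmt"
	"sort"
	"strconv"
	"strings"
)

// FixedVersions holds the first patched release of each product as given in
// the Broadcom advisory summarised above.
var FixedVersions = map[string]string{
	"VMware Tanzu Greenplum":                              "6.29.0",
	"VMware Tanzu Greenplum Backup and Restore":           "1.31.0",
	"VMware Tanzu Greenplum Platform Extension Framework": "6.11.1",
}

// Finding is one inventory row evaluated against the advisory.
type Finding struct {
	Product   string
	Installed string
	Fixed     string
	Affected  bool
}

// parseVersion turns "6.29.0" into []int{6, 29, 0}. A leading "v" and any
// "-rc1"/"+build" suffix are ignored; a non-numeric component is an error.
func parseVersion(v string) ([]int, error) {
	v = strings.TrimPrefix(strings.TrimSpace(v), "v")
	if i := strings.IndexAny(v, "-+"); i >= 0 {
		v = v[:i]
	}
	parts := strings.Split(v, ".")
	nums := make([]int, 0, len(parts))
	for _, p := range parts {
		n, err := strconv.Atoi(p)
		if err != nil {
			return nil, fmt.Errorf("bad version %q: %w", v, err)
		}
		nums = append(nums, n)
	}
	return nums, nil
}

// CompareVersions compares numerically component by component, padding the
// shorter version with zeros, so "6.9.0" < "6.11.1" and "6.29" == "6.29.0".
// It returns -1, 0 or 1.
func CompareVersions(a, b string) (int, error) {
	av, err := parseVersion(a)
	if err != nil {
		return 0, err
	}
	bv, err := parseVersion(b)
	if err != nil {
		return 0, err
	}
	for len(av) < len(bv) {
		av = append(av, 0)
	}
	for len(bv) < len(av) {
		bv = append(bv, 0)
	}
	for i := range av {
		switch {
		case av[i] < bv[i]:
			return -1, nil
		case av[i] > bv[i]:
			return 1, nil
		}
	}
	return 0, nil
}

// CheckInventory takes product -> installed version and returns one Finding
// per product, sorted by product name; an unknown product name is an error so
// that a typo never silently passes as "not affected".
func CheckInventory(inventory map[string]string) ([]Finding, error) {
	findings := make([]Finding, 0, len(inventory))
	for product, installed := range inventory {
		fixed, ok := FixedVersions[product]
		if !ok {
			return nil, fmt.Errorf("product %q is not covered by this advisory", product)
		}
		cmp, err := CompareVersions(installed, fixed)
		if err != nil {
			return nil, err
		}
		findings = append(findings, Finding{Product: product, Installed: installed, Fixed: fixed, Affected: cmp < 0})
	}
	sort.Slice(findings, func(i, j int) bool { return findings[i].Product < findings[j].Product })
	return findings, nil
}

func main() {
	// Constructed sample inventory, not data from the article.
	inv := map[string]string{
		"VMware Tanzu Greenplum":                              "6.28.1",
		"VMware Tanzu Greenplum Backup and Restore":           "1.31.0",
		"VMware Tanzu Greenplum Platform Extension Framework": "6.9.0",
	}
	findings, err := CheckInventory(inv)
	if err != nil {
		panic(err)
	}
	for _, f := range findings {
		fmt.Printf("%-52s installed %-8s fixed %-8s affected=%v\n", f.Product, f.Installed, f.Fixed, f.Affected)
	}
}
```

Feed `CheckInventory` the versions reported by each cluster and treat any `Affected` row as a patching task; the sort makes the output stable for diffing between runs.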

New Features Amid Security Fixes

Despite the security-focused nature of these releases, VMware has included functional improvements in Tanzu Greenplum Backup and Restore 1.31.0, such as support for taking backups on a GPDR recovery cluster. The associated gpbackup_helper utility remains unchanged in this release.

For Tanzu Greenplum Disaster Recovery, the recent 1.3.0 release introduced a Read Replica mode supporting Greenplum 6.29.0 and above, allowing users to run read-only queries against recovery clusters. This feature can be enabled using the read-replica command.

Immediate Action Required

Security experts recommend immediate patching to the latest versions. Organizations using VMware Tanzu Greenplum Backup and Restore should upgrade to version 1.31.0 or later, while Tanzu Greenplum users should implement version 6.29.0 or newer.

For administrators unable to patch immediately, reviewing and implementing suggested mitigations from VMware’s advisory is critical. 

The Cyber Centre emphasizes the importance of these updates, particularly since some vulnerabilities date back approximately three years.

These patches reinforce Broadcom’s ongoing commitment to security following its acquisition of VMware, with regular security updates now distributed through the Broadcom Support Portal. 

The post VMware Patches 47 Vulnerabilities in VMware Tanzu Greenplum Backup & Components appeared first on Cyber Security News.