I would not try to 'retrofit' newer open source components into a commercial product without the consent of VMware.
You have no idea whether those newer libraries will break Workstation, and if you try to get help from VMware you'll be told to revert those changes and be admonished for making unauthorized changes to the software. You also have no idea whether Workstation is impacted by those issues. I've found that many times security vulnerabilities in open source libraries may not impact a product due to how they are used. For example, if Workstation doesn't do any of those operations listed, they won't be subject to the bugs.
VMware does seem to have a formal process https://www.vmware.com/security/vsrc.html if you're concerned. It starts with opening a support request. If it's like other vendors, though, you'd better be prepared to show the impact other than just looking at versions and saying "it's not the latest and OMG look at the security issues that were fixed".
- Paul (Technogeezer)
Editor of the Unofficial Fusion Companion Guides
