[ALSA-2023:7265] Important: open-vm-tools security update
Type:
security
Severity:
important
Release date:
2023-11-23
Description:
The Open Virtual Machine Tools are the open source implementation of the VMware Tools. They are a set of guest operating system virtualization components that enhance performance and user experience of virtual machines. Security Fix(es): * open-vm-tools: SAML token signature bypass (CVE-2023-34058) * open-vm-tools: file descriptor hijack vulnerability in the vmware-user-suid-wrapper (CVE-2023-34059) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
References:
Updated packages listed below:
Architecture Package Checksum
x86_64 open-vm-tools-desktop-12.2.5-3.el8_9.1.alma.1.x86_64.rpm a42757a66489e02ed9e3d5c980da89a638ab83afd22c885d27b0c7d514d05a92
x86_64 open-vm-tools-salt-minion-12.2.5-3.el8_9.1.alma.1.x86_64.rpm b576e3e2c97ebafe1eccb688771b6ad28244bc84a6cd9902451e1feffd7d18f9
x86_64 open-vm-tools-12.2.5-3.el8_9.1.alma.1.x86_64.rpm c441fe607d644b6816642442a6a6e2a369d80133a2c8bd24592bad4b69bd6ac9
x86_64 open-vm-tools-sdmp-12.2.5-3.el8_9.1.alma.1.x86_64.rpm ea32b0405549bf0ee8bacffdca26e39833077d63005ec7724b29d179716317a2
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.