Publishing details
Changelog
open-vm-tools (2:12.1.5-3~ubuntu0.22.04.4) jammy-security; urgency=medium
* SECURITY UPDATE: SAML Bypass
- debian/patches/CVE-2023-34058.patch: don't accept tokens with
unrelated certs in open-vm-tools/vgauth/common/certverify.c,
open-vm-tools/vgauth/common/certverify.h,
open-vm-tools/vgauth/common/prefs.h,
open-vm-tools/vgauth/serviceImpl/saml-xmlsec1.c.
- CVE-2023-34058
* SECURITY UPDATE: file descriptor hijack
- debian/patches/CVE-2023-34059.patch: change privilege dropping order
in open-vm-tools/services/vmtoolsd/mainPosix.c,
open-vm-tools/vmware-user-suid-wrapper/main.c.
- CVE-2023-34059
-- Marc Deslauriers <email address hidden> Fri, 27 Oct 2023 07:38:17 -0400
Builds
Built packages
-
open-vm-tools
Open VMware Tools for virtual machines hosted on VMware (CLI)
-
open-vm-tools-containerinfo
Open VMware Tools for VMs hosted on VMware (Service Discovery Plugin)
-
open-vm-tools-containerinfo-dbgsym
debug symbols for open-vm-tools-containerinfo
-
open-vm-tools-dbgsym
debug symbols for open-vm-tools
-
open-vm-tools-desktop
Open VMware Tools for virtual machines hosted on VMware (GUI)
-
open-vm-tools-desktop-dbgsym
debug symbols for open-vm-tools-desktop
-
open-vm-tools-dev
Open VMware Tools for virtual machines hosted on VMware (development)
-
open-vm-tools-salt-minion
Open VMware Tools for VMs hosted on VMware (Service Discovery Plugin)
-
open-vm-tools-sdmp
Open VMware Tools for VMs hosted on VMware (Service Discovery Plugin)
-
open-vm-tools-sdmp-dbgsym
debug symbols for open-vm-tools-sdmp
Package files