Ubuntu
open-vm-tools package

Change logs for open-vm-tools source package in Lunar

  1. Lunar (23.04)
  2. Change log 
  • open-vm-tools (2:12.1.5-3ubuntu0.23.04.3) lunar-security; urgency=medium

  * SECURITY UPDATE: SAML Bypass
    - debian/patches/CVE-2023-34058.patch: don't accept tokens with
      unrelated certs in open-vm-tools/vgauth/common/certverify.c,
      open-vm-tools/vgauth/common/certverify.h,
      open-vm-tools/vgauth/common/prefs.h,
      open-vm-tools/vgauth/serviceImpl/saml-xmlsec1.c.
    - CVE-2023-34058
  * SECURITY UPDATE: file descriptor hijack
    - debian/patches/CVE-2023-34059.patch: change privilege dropping order
      in  open-vm-tools/services/vmtoolsd/mainPosix.c,
      open-vm-tools/vmware-user-suid-wrapper/main.c.
    - CVE-2023-34059

 -- Marc Deslauriers <email address hidden>  Fri, 27 Oct 2023 07:37:42 -0400
  • open-vm-tools (2:12.1.5-3ubuntu0.23.04.2) lunar-security; urgency=medium

  * SECURITY UPDATE: SAML token signature bypass vulnerability
    - debian/patches/CVE-2023-20900.patch: Allow only X509 certs to verify
      the SAML token signature in
      open-vm-tools/vgauth/serviceImpl/saml-xmlsec1.c.
    - CVE-2023-20900

 -- Marc Deslauriers <email address hidden>  Mon, 11 Sep 2023 14:45:11 -0400
  • open-vm-tools (2:12.1.5-3ubuntu0.23.04.1) lunar-security; urgency=medium

  * SECURITY UPDATE: authentication bypass vulnerability
    - debian/patches/CVE-2023-20867.patch: Remove some dead code
    - CVE-2023-20867

 -- Nishit Majithia <email address hidden>  Tue, 25 Jul 2023 09:39:44 +0530
  • open-vm-tools (2:12.1.5-3) unstable; urgency=medium

  * [1e4d8a9] Remove libprocps-dev build-dep. (Closes: #1027271)

 -- Bernd Zeimetz <email address hidden>  Tue, 03 Jan 2023 12:19:05 +0100
  • open-vm-tools (2:12.1.5-2) unstable; urgency=medium

  * [f450cf8] Fix building with gRPC 1.51+
    Thanks to Laszlo Boszormenyi (GCS) (Closes: #1025491)

 -- Bernd Zeimetz <email address hidden>  Sat, 24 Dec 2022 16:52:48 +0100
  • open-vm-tools (2:12.1.5-1) unstable; urgency=medium

  * [d4a64a2] New upstream version 12.1.5
  * [adcd7a9] Remove accidentally added patch backup files

 -- Bernd Zeimetz <email address hidden>  Wed, 07 Dec 2022 17:30:35 +0100
  • open-vm-tools (2:12.1.0-2) unstable; urgency=medium

  [ Debian Janitor ]
  * [2d8b9bb] Update lintian override info to new format on line 2.
    Changes-By: lintian-brush
    Fixes: lintian: mismatched-override
    See-also: https://lintian.debian.org/tags/mismatched-override.html

  [ Bernd Zeimetz ]
  * [fa63406] Move libguestStore.so, libgdp.so to open-vm-tools
    (Closes: #1021611) (LP: #1992501)

 -- Bernd Zeimetz <email address hidden>  Mon, 14 Nov 2022 16:19:10 +0100
  • open-vm-tools (2:12.1.0-1) unstable; urgency=high

  * [e704b2c] New upstream version 12.1.0
    Closes: #1018012 / CVE-2022-31676
  * [f9048c4] Remove patches applied upstream

 -- Bernd Zeimetz <email address hidden>  Wed, 24 Aug 2022 09:49:58 +0200