SUSE-SU-2023:4227-1

UNKNOWN

Security update for open-vm-tools

Published Oct 27, 2023

Modified 2 years ago

Fix available

Details

This update for open-vm-tools fixes the following issues:

CVE-2023-34058: Fixed a SAML token signature bypass issue (bsc#1216432).
CVE-2023-34059: Fixed a privilege escalation issue through vmware-user-suid-wrapper (bsc#1216433).

Affected Packages

libvmtools-devel

SUSE Enterprise Storage 7.1SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOSSUSE Linux Enterprise High Performance Computing 15 SP3-LTSSSUSE Linux Enterprise Module for Basesystem 15 SP4SUSE Linux Enterprise Module for Basesystem 15 SP5

Fixed in:

12.3.0-150300.43.1

libvmtools0

Fixed in:

12.3.0-150300.43.1

open-vm-tools

Fixed in:

12.3.0-150300.43.1

open-vm-tools-containerinfo

Fixed in:

12.3.0-150300.43.1

open-vm-tools-desktop

SUSE Enterprise Storage 7.1SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOSSUSE Linux Enterprise High Performance Computing 15 SP3-LTSSSUSE Linux Enterprise Module for Desktop Applications 15 SP4SUSE Linux Enterprise Module for Desktop Applications 15 SP5

Fixed in:

12.3.0-150300.43.1

open-vm-tools-salt-minion

SUSE Enterprise Storage 7.1SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOSSUSE Linux Enterprise Module for Basesystem 15 SP4SUSE Linux Enterprise Module for Basesystem 15 SP5SUSE Linux Enterprise Server 15 SP3-LTSS

Fixed in:

12.3.0-150300.43.1

open-vm-tools-sdmp

Fixed in:

12.3.0-150300.43.1

References

REPORT

https://bugzilla.suse.com/1216432

REPORT

https://bugzilla.suse.com/1216433

WEB

https://www.suse.com/security/cve/CVE-2023-34058