Issued:: 2023-09-19
Updated:: 2023-09-19

RHSA-2023:5213 - Security Advisory

Overview
Updated Packages

Synopsis

Important: open-vm-tools security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for open-vm-tools is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The Open Virtual Machine Tools are the open source implementation of the VMware Tools. They are a set of guest operating system virtualization components that enhance performance and user experience of virtual machines.

Security Fix(es):

open-vm-tools: SAML token signature bypass (CVE-2023-20900)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.1 x86_64

Fixes

BZ - 2236542 - CVE-2023-20900 open-vm-tools: SAML token signature bypass

CVEs

CVE-2023-20900

References

https://access.redhat.com/security/updates/classification/#important

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.1

SRPM
open-vm-tools-10.3.10-3.el8_1.4.src.rpm	SHA-256: 9b1534f0e4380ab7326fde1218d7cccdeb762c572619b812d6425bce0aefef7c
x86_64
open-vm-tools-10.3.10-3.el8_1.4.x86_64.rpm	SHA-256: ab3c5412f7e733367284da01dd2d265493091dee6a28adcfa2da3a0374e863ff
open-vm-tools-debuginfo-10.3.10-3.el8_1.4.x86_64.rpm	SHA-256: d9e94d95589f40d336482126420eecd896f82bf700103641583dcbd452e43306
open-vm-tools-debugsource-10.3.10-3.el8_1.4.x86_64.rpm	SHA-256: e8dfc2e3398f1c83fa2101408f9f9306047aaf298172d3f23733d458baf5952f
open-vm-tools-desktop-10.3.10-3.el8_1.4.x86_64.rpm	SHA-256: 5484a77a701c837458cccfe63fd812829abb35908949293dd1e1035b64df9e3e
open-vm-tools-desktop-debuginfo-10.3.10-3.el8_1.4.x86_64.rpm	SHA-256: 726094b2452a794d74925941da22974840e7c28fe4da0e2e6f41fe9ffe37b334
open-vm-tools-test-debuginfo-10.3.10-3.el8_1.4.x86_64.rpm	SHA-256: 7da9746f3b3f2b7ec69cc05ccdca0deab2aece5c8e27fa3e84a110bddadac968

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation