Issued:: 2023-11-15
Updated:: 2023-11-15

RHSA-2023:7260 - Security Advisory

Overview
Updated Packages

Synopsis

Important: open-vm-tools security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for open-vm-tools is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The Open Virtual Machine Tools are the open source implementation of the VMware Tools. They are a set of guest operating system virtualization components that enhance performance and user experience of virtual machines.

Security Fix(es):

open-vm-tools: SAML token signature bypass (CVE-2023-34058)
open-vm-tools: file descriptor hijack vulnerability in the vmware-user-suid-wrapper (CVE-2023-34059)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.1 x86_64

Fixes

BZ - 2246080 - CVE-2023-34058 open-vm-tools: SAML token signature bypass
BZ - 2246096 - CVE-2023-34059 open-vm-tools: file descriptor hijack vulnerability in the vmware-user-suid-wrapper

CVEs

References

https://access.redhat.com/security/updates/classification/#important

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.1

SRPM
open-vm-tools-10.3.10-3.el8_1.5.src.rpm	SHA-256: 3379e4f338492c9fa50a097db2c068e4b678f687916bdff605d83660e8fec26e
x86_64
open-vm-tools-10.3.10-3.el8_1.5.x86_64.rpm	SHA-256: f78d21d72b58850e6266efc92ee83ae9f0d3fd756d429275ffa28af28a61d312
open-vm-tools-debuginfo-10.3.10-3.el8_1.5.x86_64.rpm	SHA-256: 109de171adfd134e6b0eab11211626aab374ddb473103adf29210889eb0d5fce
open-vm-tools-debugsource-10.3.10-3.el8_1.5.x86_64.rpm	SHA-256: 2e5ef25d2f917886b9e55944b222dbae1b24eea95eac45deed885384ebbeba1f
open-vm-tools-desktop-10.3.10-3.el8_1.5.x86_64.rpm	SHA-256: 7f9470677fdf9b498e1991d619e027b70ef16e363a405bbd49186096e25897d8
open-vm-tools-desktop-debuginfo-10.3.10-3.el8_1.5.x86_64.rpm	SHA-256: e32d8f3a4604f5c1b7b560d6cde311d369e60d426dd4ed31fb4713a2c21808c9
open-vm-tools-test-debuginfo-10.3.10-3.el8_1.5.x86_64.rpm	SHA-256: a35990c1e33835a0bdaaea1231802b287992da31505d4c8faebbecf3dedfb73d

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Ansible.com

Red Hat Ecosystem Catalog

Red Hat Hybrid Cloud Console

Red Hat Store

Red Hat Marketplace

Red Hat Summit and AnsibleFest