Issued:: 2023-11-15
Updated:: 2023-11-15

RHSA-2023:7265 - Security Advisory

Overview
Updated Packages

Synopsis

Important: open-vm-tools security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for open-vm-tools is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The Open Virtual Machine Tools are the open source implementation of the VMware Tools. They are a set of guest operating system virtualization components that enhance performance and user experience of virtual machines.

Security Fix(es):

open-vm-tools: SAML token signature bypass (CVE-2023-34058)
open-vm-tools: file descriptor hijack vulnerability in the vmware-user-suid-wrapper (CVE-2023-34059)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

Red Hat Enterprise Linux for x86_64 8 x86_64

Fixes

BZ - 2246080 - CVE-2023-34058 open-vm-tools: SAML token signature bypass
BZ - 2246096 - CVE-2023-34059 open-vm-tools: file descriptor hijack vulnerability in the vmware-user-suid-wrapper

CVEs

References

https://access.redhat.com/security/updates/classification/#important

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux for x86_64 8

SRPM
open-vm-tools-12.2.5-3.el8_9.1.src.rpm	SHA-256: b06eaac9e44986815c21e0eedf60911c8802ba43012745238b29e595869689e0
x86_64
open-vm-tools-12.2.5-3.el8_9.1.x86_64.rpm	SHA-256: f918240fbf3b2d3e690ace341dd158bb86eaffbb5d10ef4767519efa824dbe28
open-vm-tools-debuginfo-12.2.5-3.el8_9.1.x86_64.rpm	SHA-256: 8a831acaa33da05301c176e5fc5e46574ba11d89600ac7f214057d891cbe879c
open-vm-tools-debugsource-12.2.5-3.el8_9.1.x86_64.rpm	SHA-256: 309e0ee4eb9e7a435885bd6b0036c0543217a03b60f40cc81a6fb709ea293f86
open-vm-tools-desktop-12.2.5-3.el8_9.1.x86_64.rpm	SHA-256: 5e01c4e8da89e4736f571e3a512ba6535d07c54ac75e642dbeba0eb788fb6c20
open-vm-tools-desktop-debuginfo-12.2.5-3.el8_9.1.x86_64.rpm	SHA-256: 00332a799d77ad50424165d95cedb2b5bcfdd8cd4683946f1ba1a74298e36fbe
open-vm-tools-salt-minion-12.2.5-3.el8_9.1.x86_64.rpm	SHA-256: cbfff8271102c6ee85590bb244f7989c49a78cae2f0ca93b42ac3a63a5317cb2
open-vm-tools-sdmp-12.2.5-3.el8_9.1.x86_64.rpm	SHA-256: 23ad33fd36b0a6040cde6ef2b4e415202503d94ecab8b3a8e82e9ff65912be5f
open-vm-tools-sdmp-debuginfo-12.2.5-3.el8_9.1.x86_64.rpm	SHA-256: 64fa09194135386fa789950f93a1099bd6a5a9b91c61884839cb3679b9cd1fe8
open-vm-tools-test-debuginfo-12.2.5-3.el8_9.1.x86_64.rpm	SHA-256: d90d4f02482db2c85d856f6e56b5c4f8b66e9dceb5e75132bbd0da8be5e3191b

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation