Issued:: 2024-08-13
Updated:: 2024-08-13

RHSA-2024:5315 - Security Advisory

Overview
Updated Packages

Synopsis

Important: open-vm-tools security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for open-vm-tools is now available for Red Hat Enterprise Linux 7.7 Advanced Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The Open Virtual Machine Tools are the open source implementation of the VMware Tools. They are a set of guest operating system virtualization components that enhance performance and user experience of virtual machines.

Security Fix(es):

open-vm-tools: SAML token signature bypass (CVE-2023-20900)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

Red Hat Enterprise Linux Server - AUS 7.7 x86_64

Fixes

BZ - 2236542 - CVE-2023-20900 open-vm-tools: SAML token signature bypass

CVEs

CVE-2023-20900

References

https://access.redhat.com/security/updates/classification/#important

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server - AUS 7.7

SRPM
open-vm-tools-10.3.0-2.el7_7.3.src.rpm	SHA-256: 6bb7b5bec25ee7736382e5622f4febeae09aeeabd7f0bcfed40ba1930d7e87f7
x86_64
open-vm-tools-10.3.0-2.el7_7.3.x86_64.rpm	SHA-256: cddc677eb6bdedf5c464c8bce37372d05aaa020144c558a50fa10fffef327f66
open-vm-tools-debuginfo-10.3.0-2.el7_7.3.x86_64.rpm	SHA-256: 8ae6376e90bca285b27a2082ab5fb62feee1992773471f4c4d0266602f6ac45c
open-vm-tools-debuginfo-10.3.0-2.el7_7.3.x86_64.rpm	SHA-256: 8ae6376e90bca285b27a2082ab5fb62feee1992773471f4c4d0266602f6ac45c
open-vm-tools-desktop-10.3.0-2.el7_7.3.x86_64.rpm	SHA-256: 0eae52c8b2ced01fa20839dbe3cf34b686e0aafecb37b4e7555f2d8ac446c84b
open-vm-tools-devel-10.3.0-2.el7_7.3.x86_64.rpm	SHA-256: 62f9746ec9596824c6234276033970a7508c4c3ca375c6cfbc7d0ae313f8710e
open-vm-tools-test-10.3.0-2.el7_7.3.x86_64.rpm	SHA-256: 8ba887e5b108fde171783cf23290db1191125643af8af4cfc7d86fe6d6a28643

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation