CVE-2023-20900 (open-vm-tools) "Out of support scope" for RHEL 7?
There is a vulnerability with open-vm-tools described in this article:
https://access.redhat.com/security/cve/cve-2023-20900
Errata has not yet been released for it. RHEL 8 and RHEL 9 are listed as affected. RHEL 7 is listed as 'out of support scope'.
This CVE is marked as 'Important'. RHEL7 is in Maintenance Support 2 phase, which ends in June 2024. Lifecycles are covered here:
https://access.redhat.com/support/policy/updates/errata/#Maintenance_Support_2_Phase
In that article, the following is stated:
**
During the Maintenance Support Phase for Red Hat Enterprise Linux Version 8 & 9, and Maintenance Support 2 Phase for Red Hat Enterprise Linux version 7, Red Hat defined Critical and Important impact Security Advisories (RHSAs) and selected (at Red Hat discretion) Urgent Priority Bug Fix Advisories (RHBAs) may be released as they become available. Other errata advisories may be delivered as appropriate.
**
That appears to imply that security errata that is marked 'Important' would still apply to RHEL 7.
Am I missing something here?