open-vm-tools security update

2023-09-2613:25:26

Rockylinux Product Errata

errata.rockylinux.org

open-vm-tools

security update

rocky linux 8

cvss

cve

saml token signature bypass

virtual machines

vmware tools

7.5 High

CVSS3

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

44.9%

JSON

An update is available for open-vm-tools.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
The Open Virtual Machine Tools are the open source implementation of the VMware Tools. They are a set of guest operating system virtualization components that enhance performance and user experience of virtual machines.

Security Fix(es):

open-vm-tools: SAML token signature bypass (CVE-2023-20900)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

OSVersionArchitecturePackageVersionFilename
rocky8x86_64open-vm-tools< 12.1.5-2.el8_8.3open-vm-tools-0:12.1.5-2.el8_8.3.x86_64.rpm
rocky8x86_64open-vm-tools-debuginfo< 12.1.5-2.el8_8.3open-vm-tools-debuginfo-0:12.1.5-2.el8_8.3.x86_64.rpm
rocky8x86_64open-vm-tools-debugsource< 12.1.5-2.el8_8.3open-vm-tools-debugsource-0:12.1.5-2.el8_8.3.x86_64.rpm
rocky8x86_64open-vm-tools-desktop< 12.1.5-2.el8_8.3open-vm-tools-desktop-0:12.1.5-2.el8_8.3.x86_64.rpm
rocky8x86_64open-vm-tools-desktop-debuginfo< 12.1.5-2.el8_8.3open-vm-tools-desktop-debuginfo-0:12.1.5-2.el8_8.3.x86_64.rpm
rocky8x86_64open-vm-tools-salt-minion< 12.1.5-2.el8_8.3open-vm-tools-salt-minion-0:12.1.5-2.el8_8.3.x86_64.rpm
rocky8x86_64open-vm-tools-sdmp< 12.1.5-2.el8_8.3open-vm-tools-sdmp-0:12.1.5-2.el8_8.3.x86_64.rpm
rocky8x86_64open-vm-tools-sdmp-debuginfo< 12.1.5-2.el8_8.3open-vm-tools-sdmp-debuginfo-0:12.1.5-2.el8_8.3.x86_64.rpm

OS	Version	Architecture	Package	Version	Filename
rocky	8	x86_64	open-vm-tools	< 12.1.5-2.el8_8.3	open-vm-tools-0:12.1.5-2.el8_8.3.x86_64.rpm
rocky	8	x86_64	open-vm-tools-debuginfo	< 12.1.5-2.el8_8.3	open-vm-tools-debuginfo-0:12.1.5-2.el8_8.3.x86_64.rpm
rocky	8	x86_64	open-vm-tools-debugsource	< 12.1.5-2.el8_8.3	open-vm-tools-debugsource-0:12.1.5-2.el8_8.3.x86_64.rpm
rocky	8	x86_64	open-vm-tools-desktop	< 12.1.5-2.el8_8.3	open-vm-tools-desktop-0:12.1.5-2.el8_8.3.x86_64.rpm
rocky	8	x86_64	open-vm-tools-desktop-debuginfo	< 12.1.5-2.el8_8.3	open-vm-tools-desktop-debuginfo-0:12.1.5-2.el8_8.3.x86_64.rpm
rocky	8	x86_64	open-vm-tools-salt-minion	< 12.1.5-2.el8_8.3	open-vm-tools-salt-minion-0:12.1.5-2.el8_8.3.x86_64.rpm
rocky	8	x86_64	open-vm-tools-sdmp	< 12.1.5-2.el8_8.3	open-vm-tools-sdmp-0:12.1.5-2.el8_8.3.x86_64.rpm
rocky	8	x86_64	open-vm-tools-sdmp-debuginfo	< 12.1.5-2.el8_8.3	open-vm-tools-sdmp-debuginfo-0:12.1.5-2.el8_8.3.x86_64.rpm