Overview

Request 1121336 accepted

- Update to 12.3.5 (build 22544099) (boo#1216670)
- There are no new features in the open-vm-tools 12.3.5 release. This is
primarily a maintenance release that addresses a few critical problems,
including:
- This release resolves CVE-2023-34058. For more information on this
vulnerability and its impact on VMware products, see
https://www.vmware.com/security/advisories/VMSA-2023-0024.html.
- This release resolves CVE-2023-34059 which only affects open-vm-tools.
For more information on this vulnerability, please see the Resolved
Issues section of the Release Notes.
- A GitHub issue has been handled. Please see the Resolved Issues section
of the Release Notes.
- An update to the deployPkg plugin to coordinate with recent releases
of cloud-init for improvement for guest VM customization.
- For issues resolved in this release, see the Resolved Issues
section of the Release Notes.
- For complete details, see:
https://github.com/vmware/open-vm-tools/releases/tag/stable-12.3.5
- Release Notes are available at
https://github.com/vmware/open-vm-tools/blob/stable-12.3.5/ReleaseNotes.md
- The granular changes that have gone into the 12.3.5 release are in the
ChangeLog at
https://github.com/vmware/open-vm-tools/blob/stable-12.3.5/open-vm-tools/ChangeLog
- Drop patch now contained in 12.3.5:
- Fix (bsc#1216432) - VUL-0: CVE-2023-34058: open-vm-tools: SAML token
signature bypass vulnerability.
- Fix (bsc#1216433) - VUL-0: CVE-2023-34059: open-vm-tools: file
descriptor hijack vulnerability
+ Add patch:

Request History

kallan created request




kallan accepted request

Self-ACK
