open-vm-tools-11.0.5-3.el7.6

エラータID: AXSA:2023-6175:05

Release date: 
Friday, June 30, 2023 - 02:37
Subject: 
open-vm-tools-11.0.5-3.el7.6
Affected Channels: 
Asianux Server 7 for x86_64
Severity: 
Low
Description: 

The Open Virtual Machine Tools are the open source implementation of the VMware Tools. They are a set of guest operating system virtualization components that enhance performance and user experience of virtual machines.

Security Fix(es):

* open-vm-tools: authentication bypass vulnerability in the vgauth module (CVE-2023-20867)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* [ESXi] vmtoolsd task is blocked in the uninterruptible state while attempting to delete (unlink) the file 'quiesce_manifest.xml'
* [ESXi][open-vm-tools] Snapshot of the Asianux Server 7 guest on the VMWare ESXi hypervisor failed vm hangs

CVE-2023-20867
A fully compromised ESXi host can force VMware Tools to fail to authenticate host-to-guest operations, impacting the confidentiality and integrity of the guest virtual machine.

Solution: 

Update packages.

CVEs: 
CVE-2023-20867
A fully compromised ESXi host can force VMware Tools to fail to authenticate host-to-guest operations, impacting the confidentiality and integrity of the guest virtual machine.
Additional Info: 

N/A

Download: 

SRPMS
  1. open-vm-tools-11.0.5-3.el7.6.src.rpm
    MD5: 987200abaf0c76b9a7210b945ded25aa
    SHA-256: 017f170b724b327c471757ecbb788ef2908c1fe000fba32d34003f5f4e933e52
    Size: 3.82 MB

Asianux Server 7 for x86_64
  1. open-vm-tools-11.0.5-3.el7.6.x86_64.rpm
    MD5: d0fd69756c2e34faa35d85043ddc589b
    SHA-256: 397cf03cf57fadfb0fcb3dd46128628d325acfa9701b50557423b52f085ea7a8
    Size: 676.11 kB
  2. open-vm-tools-desktop-11.0.5-3.el7.6.x86_64.rpm
    MD5: b9155450cc1053a85e09bae63eaec4d3
    SHA-256: f67ea8ae01b0fc9d1512c1fc89723307cfedaf0cea5e762b63c687e3105f7bf6
    Size: 178.91 kB