open-vm-tools-12.1.5-2.el8.3.ML.1

エラータID: AXSA:2023-6434:09

Release date: 
Tuesday, September 26, 2023 - 00:07
Subject: 
open-vm-tools-12.1.5-2.el8.3.ML.1
Affected Channels: 
Asianux Server 8 for x86_64
Severity: 
High
Description: 

The Open Virtual Machine Tools are the open source implementation of the VMware Tools. They are a set of guest operating system virtualization components that enhance performance and user experience of virtual machines.

Security Fix(es):

* open-vm-tools: SAML token signature bypass (CVE-2023-20900)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2023-20900
A malicious actor that has been granted Guest Operation Privileges https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A95... in a target virtual machine may be able to elevate their privileges if that target virtual machine has been assigned a more privileged Guest Alias https://vdc-download.vmware.com/vmwb-repository/dcr-public/d1902b0e-d479... .

Solution: 

Update packages.

CVEs: 
CVE-2023-20900
A malicious actor that has been granted Guest Operation Privileges https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html in a target virtual machine may be able to elevate their privileges if that target virtual machine has been assigned a more privileged Guest Alias https://vdc-download.vmware.com/vmwb-repository/dcr-public/d1902b0e-d479-46bf-8ac9-cee0e31e8ec0/07ce8dbd-db48-4261-9b8f-c6d3ad8ba472/vim.vm.guest.AliasManager.html .
Additional Info: 

N/A

Download: 

SRPMS
  1. open-vm-tools-12.1.5-2.el8.3.ML.1.src.rpm
    MD5: aa4bb4b3faafc39aba1e3727b3a20ab6
    SHA-256: 38b61c79f67dcc37d84df9b981741c45083a2476800281c193800899225ac090
    Size: 4.16 MB

Asianux Server 8 for x86_64
  1. open-vm-tools-12.1.5-2.el8.3.ML.1.x86_64.rpm
    MD5: 96c2e1584e6cbe4b378a3fa38596eaa7
    SHA-256: f9c86e7b305e0441476a7e0cfcb7fad1c102246b3f113c6bf8eb50979f385e04
    Size: 875.54 kB
  2. open-vm-tools-desktop-12.1.5-2.el8.3.ML.1.x86_64.rpm
    MD5: 5c065c94ff77750ad3fc02d919a4c087
    SHA-256: b73bfc9bd8237f3e7148850f216d21ded1abee39a3559b1ee3ed8ab071ac8692
    Size: 201.77 kB
  3. open-vm-tools-salt-minion-12.1.5-2.el8.3.ML.1.x86_64.rpm
    MD5: d634daad6890da24e607907e129f0ccf
    SHA-256: d1dfab82ccbda94441b5029f3de1d267ef873c2a991d45f643dfb23a30780741
    Size: 41.61 kB
  4. open-vm-tools-sdmp-12.1.5-2.el8.3.ML.1.x86_64.rpm
    MD5: c0895e9b7789088eecb4548e4e7310cb
    SHA-256: 7ab80cf5f12126302a4896108f43d990d18dd0ec906e3959b7a2fcbe0ce5b79c
    Size: 42.57 kB