[SECURITY] [DLA 3531-1] open-vm-tools security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 3531-1] open-vm-tools security update
From: Utkarsh Gupta <guptautkarsh2102@gmail.com>
Date: Wed, 16 Aug 2023 22:46:51 +0530
Message-id: <[🔎] CAPP0f966DneQmPmjkaWzD93UP32GKcjUrGrrjWw8P63V6OfOhQ@mail.gmail.com>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -----------------------------------------------------------------------
Debian LTS Advisory DLA-3531-1              debian-lts@lists.debian.org
https://www.debian.org/lts/security/                      Utkarsh Gupta
August 16, 2023                             https://wiki.debian.org/LTS
- -----------------------------------------------------------------------

Package        : open-vm-tools
Version        : 2:10.3.10-1+deb10u4
CVE ID         : CVE-2023-20867
Debian Bug     : 1037546

open-vm-tools is a package that provides Open VMware Tools for virtual
machines hosted on VMware.

It was discovered that Open VM Tools incorrectly handled certain
authentication requests. A fully compromised ESXi host can force Open
VM Tools to fail to authenticate host-to-guest operations, impacting
the confidentiality and integrity of the guest virtual machine.

For Debian 10 buster, this problem has been fixed in version
2:10.3.10-1+deb10u4.

We recommend that you upgrade your open-vm-tools packages.

For the detailed security status of open-vm-tools please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/open-vm-tools

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEbJ0QSEqa5Mw4X3xxgj6WdgbDS5YFAmTdBFIACgkQgj6WdgbD
S5bTpQ/+JJJuaFcoftve+m5itK7WXEvTKP+pBkYer5F+Hc1wmpA2CXYTGLEHlKGg
9TKW2U+kM3jdBgN75h4V2HrbvDM2VKC0QcQTjxSlAeiZMLs92aPwJp3De9feA4TU
SOEHGMeaP3q7pIOHXFkD/RAmAPL9ow4+8AOabvA4Yzb4YZefDK53cydzg6VlOcQ1
GL9XWh6V/C4FqKOLUZRXL9NcQQofj6RKuWI3ZnG3JyLQvr6+ILXwNHj6RovjxFoM
+swcMGTdg7lNPV4lVCI8slFBmzBpfiGx8bhfxDL5sRciDlj2kElqETEC/wgVTE+Z
KHpIljyQQa1rNVlvBXfkbRGGqIVhaN325NpKb/074REWTxi6rtX9L0TD0cxMVr77
uxTqQl0R6U6IJg5VmC/7cUMdRVFxYQCwHX4nvsgt5+nD1/9URjB3HFdfwfcBnH+z
HXmN/LHYuO1ndxVfBuPafAwlv7qXeG+TiSgkK5qknKUt5rcXCh2Qg4j0swrtDMto
2k6A15/sWy1yoveIH1Mp2ofs475IQKaDo+Klye7GO2AS13/VuMZapEEI50s2YjP+
M7q5NRS/Z7lNSnib1mxJ/2R71FcigexAUZyxUtlPqS60jGF15hvtzJzbuH4XRYJj
RchnlX+3KpsoHqdepBvTSNgb1KIdvgu3tTHmMB7ynkeCBTnuYrQ=
=I6M1
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 3530-1] openssl security update
Next by Date: [SECURITY] [DLA 3532-1] openssh security update
Previous by thread: [SECURITY] [DLA 3530-1] openssl security update
Next by thread: [SECURITY] [DLA 3532-1] openssh security update
Index(es):
- Date
- Thread