[SECURITY] [DLA 4316-1] open-vm-tools security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 4316-1] open-vm-tools security update
From: Thorsten Alteholz <debian@alteholz.de>
Date: Wed, 1 Oct 2025 05:47:53 +0000 (UTC)
Message-id: <[🔎] fcc1e1c-f43d-85c9-69e5-7a6b781dff86@alteholz.de>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-4316-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                    Thorsten Alteholz
September 30, 2025                            https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : open-vm-tools
Version        : 2:11.2.5-2+deb11u5
CVE ID         : CVE-2025-41244


An issue was found in open-vm-tools, a set of tools for VMs hosted on
VMware. The issue is related to a local privilege escalation in
combination with the get-versions.sh script, shipped with the service
discovery plugin (open-vm-tools-sdmp).


For Debian 11 bullseye, this problem has been fixed in version
2:11.2.5-2+deb11u5.

We recommend that you upgrade your open-vm-tools packages.

For the detailed security status of open-vm-tools please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/open-vm-tools

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAmjcwIlfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy
MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcACgkQlvysDTh7
WEe9hA/+JH/NKEKGOR+LGDI3FP603Yrj3wbYln8j9JP/jvp07TcC54BNI4b25h49
k40w1VFV7uBgL93nWiAIiusXOHFaBtVFCnI20IhaSa98OIkyIRhiKHuec1PeY1vp
FbveMBTCG6E+4Gl4a+OJ51ZIfYj2sqbCppnfE78G1o42p/lMZ7KaNMqVJeSyDqAq
M02sm7tWhjB99FWBCw+sh0ZRUZji+583/wL8Gax8/Quh4P8tQWMOKlp1jrdIRF/9
zSMmPoGmkisEW8Ihh0DB0n+HCKY6lHSHz5Hh32F1B95Sg6YFjYXuk2P317IgoH73
MJ1SG6tzm2KyNVTVXT2DZDDiDd3a5NHVdrLNWxxTsCGwT0v8DBiz3LP5aG6KrFb1
r8inhbo33wS6BCfG+D4OY6ORSoFI9O6TsQLMlliPwQNDPEA2vYo8boak9fUhxhw1
WFgFv7uJrPa8Pao9xuNsQNCQL9MRAPb+IMmG39H1ikQKEi39QA9WItck6JkJiXlR
LQ/dVZ/DJ9aVAEJymhCgFLR+iUnvMXjNoariBlDeACYMWQZW12wVEM+6h7+iwDNx
D7tWjIHvikkS+iAxxo6C9FICeh6aA6EWzjyyTYFSq5jjMLXO9uGeFmiAbjdG49AI
FKxieP0AihJfMPTwo00j/9HmpCEwFVbn5iLnXBEHntMh2YMKPRQ=
=ErNv
-----END PGP SIGNATURE-----

Reply to:

Next by Date: [SECURITY] [DLA 4321-1] openssl security update
Next by thread: [SECURITY] [DLA 4321-1] openssl security update
Index(es):
- Date
- Thread