MGASA-2024-0058

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2024-0058.html

Import Source

https://advisories.mageia.org/MGASA-2024-0058.json

JSON Data

https://api.test.osv.dev/v1/vulns/MGASA-2024-0058

Related

CVE-2023-34058
CVE-2023-34059

Published

2024-03-14T17:25:59Z

Modified

2024-03-14T17:12:35Z

Summary

Updated open-vm-tools packages fix security vulnerabilities

Details

The updated packages fix security vulnerabilities: Authentication bypass vulnerability in the vgauth module. (CVE-2023-20867) SAML token signature bypass. (CVE-2023-34058) File descriptor hijack vulnerability in the vmware-user-suid-wrapper. (CVE-2023-34059)

References

https://advisories.mageia.org/MGASA-2024-0058.html
https://bugs.mageia.org/show_bug.cgi?id=32454
https://access.redhat.com/errata/RHSA-2023:3948
https://www.openwall.com/lists/oss-security/2023/10/27/1
https://www.openwall.com/lists/oss-security/2023/10/27/2
https://github.com/vmware/open-vm-tools/releases/tag/stable-12.3.5
https://www.vmware.com/security/advisories/VMSA-2023-0024.html

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

MGASA-2024-0058

Affected packages