SUSE-SU-2023:3795-1

See a problem?
Please try reporting it to the source first.
Source
https://www.suse.com/support/update/announcement/2023/suse-su-20233795-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2023:3795-1.json
JSON Data
https://api.test.osv.dev/v1/vulns/SUSE-SU-2023:3795-1
Related
Published
2023-09-26T16:06:28Z
Modified
2023-09-26T16:06:28Z
Summary
Security update for open-vm-tools
Details

This update for open-vm-tools fixes the following issues:

Update to 12.3.0 (build 22234872) (bsc#1214850)

  • There are no new features in the open-vm-tools 12.3.0 release. This is primarily a maintenance release that addresses a few critical problems, including:
    • This release integrates CVE-2023-20900 without the need for a patch. For more information on this vulnerability and its impact on VMware products, see https://www.vmware.com/security/advisories/VMSA-2023-0019.html.
    • A tools.conf configuration setting is available to temporaily direct Linux quiesced snaphots to restore pre open-vm-tools 12.2.0 behavior of ignoring file systems already frozen.
    • Building of the VMware Guest Authentication Service (VGAuth) using 'xml-security-c' and 'xerces-c' is being deprecated.
    • A number of Coverity reported issues have been addressed.
    • A number of GitHub issues and pull requests have been handled. Please see the Resolves Issues section of the Release Notes.
    • For issues resolved in this release, see the Resolved Issues section of the Release Notes.
  • For complete details, see: https://github.com/vmware/open-vm-tools/releases/tag/stable-12.3.0
  • Release Notes are available at https://github.com/vmware/open-vm-tools/blob/stable-12.3.0/ReleaseNotes.md
  • The granular changes that have gone into the 12.3.0 release are in the ChangeLog at https://github.com/vmware/open-vm-tools/blob/stable-12.3.0/open-vm-tools/ChangeLog
  • Fix (bsc#1205927) - hv_vmbus module is loaded unnecessarily in VMware guests
  • jsc#PED-1344 - reinable building containerinfo plugin for SLES 15 SP4.
References

Affected packages

SUSE:Linux Enterprise Server 12 SP5 / open-vm-tools

Package

Name
open-vm-tools
Purl
pkg:rpm/suse/open-vm-tools&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
12.3.0-4.59.1

Ecosystem specific 

{
    "binaries": [
        {
            "open-vm-tools-salt-minion": "12.3.0-4.59.1",
            "libvmtools0": "12.3.0-4.59.1",
            "open-vm-tools-sdmp": "12.3.0-4.59.1",
            "open-vm-tools": "12.3.0-4.59.1",
            "open-vm-tools-desktop": "12.3.0-4.59.1"
        }
    ]
}

SUSE:Linux Enterprise Server for SAP Applications 12 SP5 / open-vm-tools

Package

Name
open-vm-tools
Purl
pkg:rpm/suse/open-vm-tools&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
12.3.0-4.59.1

Ecosystem specific 

{
    "binaries": [
        {
            "open-vm-tools-salt-minion": "12.3.0-4.59.1",
            "libvmtools0": "12.3.0-4.59.1",
            "open-vm-tools-sdmp": "12.3.0-4.59.1",
            "open-vm-tools": "12.3.0-4.59.1",
            "open-vm-tools-desktop": "12.3.0-4.59.1"
        }
    ]
}