[SECURITY] [DSA 5543-1] open-vm-tools security update

To: debian-security-announce@lists.debian.org
Subject: [SECURITY] [DSA 5543-1] open-vm-tools security update
From: Moritz Muehlenhoff <jmm@debian.org>
Date: Tue, 31 Oct 2023 19:29:14 +0000
Message-id: <[🔎] ZUFVigJT0o7NPRS1@seger.debian.org>
Reply-to: debian-security-announce-request@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-5543-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
October 31, 2023                      https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : open-vm-tools
CVE ID         : CVE-2023-34058 CVE-2023-34059

Two security issues have been discovered in the Open VMware Tools, which
could result in privilege escalation.

For the oldstable distribution (bullseye), these problems have been fixed
in version 2:11.2.5-2+deb11u3.

For the stable distribution (bookworm), these problems have been fixed in
version 2:12.2.0-1+deb12u2.

We recommend that you upgrade your open-vm-tools packages.

For the detailed security status of open-vm-tools please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/open-vm-tools

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmVBVQYACgkQEMKTtsN8
TjYsrg/9F9eIADdIEeqnR+hc0Dc9YE6yK49aTbADMw3CBAARSRKHtcDsWjqcnRON
hvzZapmYQ64g7Cxp5/8eD+NnL/69zf+hYV171QJVJ62gfnY0jISZ2hsvqDFWkZK2
D3CxX+8OVrwAJClFgE7BztjkWE8xl7KkpdD4EsbODZeFbGRvq5/fMrfltfZ+iik6
5RcHLXWtWVPQ5B/HPkL02D6iMleB3USl9r92EhM94dGVpziW37a/mPlsm/MjWFVp
XXXEXSGX23t33A8iihBLJxroPNLcTG5KKl725zocg4VSmxuzUOX1DbtSNWP+jKfb
SrB+a3F6Y2VWN1R2F1sv0zEjpsJmkFysIMa7NN1ngPM+L8F/A7aD8HPgjmYObAmj
UQdSTm/C4Zl7XqyHR13i3uJI9XPa4lys7B8RwY6MOJIDOy3UMiFhRlw/G9m0WNLF
JLlsbQPr5so/WqKln7bDaMBJLdRyMv1o8yR+5hSBqwu1rnsIBv8EDWwiIAmBYmzw
MOkNdi+N3gaK+5q5pwQM5rJmN4/pWNzb0kWOH8Is/ZuYIAie1mjYFUngG0Ef49b/
Hsq5Se4cShDvl/WZDYWuyyy4azbjI00ukWXbj81/c7jw0lwzosthtV0piEJO2oQh
3ymplyXXtPQedQ1nwgOHBx4eb3dSsYRAj71Blbf9BLD8UdndywA=
=VMwp
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DSA 5542-1] request-tracker4 security update
Next by Date: [SECURITY] [DSA 5544-1] zookeeper security update
Previous by thread: [SECURITY] [DSA 5542-1] request-tracker4 security update
Next by thread: [SECURITY] [DSA 5544-1] zookeeper security update
Index(es):
- Date
- Thread