UbuntuUpdates.org

Package "open-vm-tools"

Name: open-vm-tools

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • Open VMware Tools for virtual machines hosted on VMware (GUI)
  • Open VMware Tools for virtual machines hosted on VMware (development)
  • Open VMware Tools for VMs hosted on VMware (Service Discovery Plugin)
Latest version: 2:11.3.0-2ubuntu0~ubuntu20.04.8
Release: focal (20.04)
Level: updates
Repository: universe
Homepage: https://github.com/vmware/open-vm-tools

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Other versions of "open-vm-tools" in Focal

Repository Area Version
base main 2:11.0.5-4
security universe 2:11.3.0-2ubuntu0~ubuntu20.04.8
security main 2:11.3.0-2ubuntu0~ubuntu20.04.8
updates main 2:11.3.0-2ubuntu0~ubuntu20.04.8
PPA: Mint Upstream 2:11.3.5-1ubuntu5mint1

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 2:11.3.0-2ubuntu0~ubuntu20.04.8 2025-05-13 16:08:02 UTC

  open-vm-tools (2:11.3.0-2ubuntu0~ubuntu20.04.8) focal-security; urgency=medium

  * SECURITY UPDATE: insecure file handling vulnerability
    - debian/patches/CVE-2025-22247.patch: properly check symlinks and path
      traversal chars in open-vm-tools/vgauth/common/VGAuthUtil.c,
      open-vm-tools/vgauth/common/VGAuthUtil.h,
      open-vm-tools/vgauth/common/prefs.h,
      open-vm-tools/vgauth/common/usercheck.c,
      open-vm-tools/vgauth/serviceImpl/alias.c,
      open-vm-tools/vgauth/serviceImpl/service.c,
      open-vm-tools/vgauth/serviceImpl/serviceInt.h.
    - CVE-2025-22247

 -- Marc Deslauriers <email address hidden> Tue, 06 May 2025 09:36:15 -0400
Source diff to previous version
CVE-2025-22247 VMware Tools contains an insecure file handling vulnerability. A malicious actor with non-administrative privileges on a guest VM may tamper the loca

Version: 2:11.3.0-2ubuntu0~ubuntu20.04.7 2023-10-31 17:13:39 UTC

  open-vm-tools (2:11.3.0-2ubuntu0~ubuntu20.04.7) focal-security; urgency=medium

  * SECURITY UPDATE: SAML Bypass
    - debian/patches/CVE-2023-34058.patch: don't accept tokens with
      unrelated certs in open-vm-tools/vgauth/common/certverify.c,
      open-vm-tools/vgauth/common/certverify.h,
      open-vm-tools/vgauth/common/prefs.h,
      open-vm-tools/vgauth/serviceImpl/saml-xmlsec1.c.
    - CVE-2023-34058
  * SECURITY UPDATE: file descriptor hijack
    - debian/patches/CVE-2023-34059.patch: change privilege dropping order
      in open-vm-tools/services/vmtoolsd/mainPosix.c,
      open-vm-tools/vmware-user-suid-wrapper/main.c.
    - CVE-2023-34059

 -- Marc Deslauriers <email address hidden> Fri, 27 Oct 2023 07:51:55 -0400
Source diff to previous version
CVE-2023-34058 VMware Tools contains a SAML token signature bypass vulnerability. A malicious actor that has been granted Guest Operation Privileges https://docs.v

Version: 2:11.3.0-2ubuntu0~ubuntu20.04.6 2023-09-13 18:07:50 UTC

  open-vm-tools (2:11.3.0-2ubuntu0~ubuntu20.04.6) focal-security; urgency=medium

  * SECURITY UPDATE: SAML token signature bypass vulnerability
    - debian/patches/CVE-2023-20900.patch: Allow only X509 certs to verify
      the SAML token signature in
      open-vm-tools/vgauth/serviceImpl/saml-xmlsec1.c.
    - CVE-2023-20900

 -- Marc Deslauriers <email address hidden> Mon, 11 Sep 2023 14:46:25 -0400
Source diff to previous version
CVE-2023-20900 A malicious actor that has been granted Guest Operation Privileges https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E

Version: 2:11.3.0-2ubuntu0~ubuntu20.04.5 2023-07-27 07:07:01 UTC

  open-vm-tools (2:11.3.0-2ubuntu0~ubuntu20.04.5) focal-security; urgency=medium

  * SECURITY UPDATE: authentication bypass vulnerability
    - debian/patches/CVE-2023-20867.patch: Remove some dead code
    - CVE-2023-20867

 -- Nishit Majithia <email address hidden> Tue, 25 Jul 2023 09:36:54 +0530
Source diff to previous version
CVE-2023-20867 A fully compromised ESXi host can force VMware Tools to fail to authenticate host-to-guest operations, impacting the confidentiality and integrity of

Version: 2:11.3.0-2ubuntu0~ubuntu20.04.4 2023-01-11 23:06:46 UTC

  open-vm-tools (2:11.3.0-2ubuntu0~ubuntu20.04.4) focal; urgency=medium

  * d/open-vm-tools.postinst: Fixes issue with "udevadm trigger"
    affecting all devices that can cause unwanted side-effects.
    (LP: #1968354)

 -- Bryce Harrington <email address hidden> Mon, 19 Sep 2022 22:14:14 +0000
1968354 Please do not run udevadm trigger without parameters


About   -   Send Feedback to @ubuntu_updates