ELSA-2023-7265

ULN >
Oracle Linux Errata repository >
ELSA-2023-7265

ELSA-2023-7265 - open-vm-tools security update

Type:	SECURITY
Severity:	IMPORTANT
Release Date:	2023-11-21

Description

[12.2.5-3.0.1.1]
- Fix CVE-2023-34058 open-vm-tools: SAML token signature bypass
- Fix CVE-2023-34059 open-vm-tools: file descriptor hijack vulnerability in the vmware-user-suid-wrapper

Related CVEs

CVE-2023-34058

CVE-2023-34059

Updated Packages

Release/Architecture	Filename	MD5sum	Superseded By Advisory	Channel Label

Oracle Linux 8 (aarch64)	open-vm-tools-12.2.5-3.0.1.el8_9.1.src.rpm	1a12864368a67401a1b36e317e139392	-	ol8_aarch64_appstream

Oracle Linux 8 (x86_64)	open-vm-tools-12.2.5-3.0.1.el8_9.1.src.rpm	1a12864368a67401a1b36e317e139392	-	ol8_x86_64_appstream
	open-vm-tools-12.2.5-3.0.1.el8_9.1.x86_64.rpm	74569d1eacde8e6fea8c7b5269500019	-	ol8_x86_64_appstream
	open-vm-tools-desktop-12.2.5-3.0.1.el8_9.1.x86_64.rpm	ba645bfa716dcd363f962345f3382b57	-	ol8_x86_64_appstream
	open-vm-tools-salt-minion-12.2.5-3.0.1.el8_9.1.x86_64.rpm	cdd8e03cbb7c38c864c6168204a2ebac	-	ol8_x86_64_appstream
	open-vm-tools-sdmp-12.2.5-3.0.1.el8_9.1.x86_64.rpm	15ddbe281f0085faefa98f61e651931e	-	ol8_x86_64_appstream

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

Technical information

Oracle Linux Support

Connect

Contact Us

Global contacts
Oracle 1-800-633-0691