Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

update: open-vm-tools #1164

Closed
dongsupark opened this issue Aug 31, 2023 · 2 comments · Fixed by flatcar/scripts#1101
Closed

update: open-vm-tools #1164

dongsupark opened this issue Aug 31, 2023 · 2 comments · Fixed by flatcar/scripts#1101
Labels
advisory security advisory cvss/HIGH > 7 && < 9 assessed CVSS security security concerns

Comments

@dongsupark
Copy link
Member

dongsupark commented Aug 31, 2023
edited
Loading

Name: open-vm-tools
CVEs: CVE-2023-20900
CVSSs: 7.5
Action Needed: update to >= 12.3.0

Summary: VMware Tools contains a SAML token signature bypass vulnerability. A malicious actor with man-in-the-middle (MITM) network positioning between vCenter server and the virtual machine may be able to bypass SAML token signature verification, to perform VMware Tools Guest Operations.

See also https://seclists.org/oss-sec/2023/q3/146.

refmap.gentoo: TBD
@dongsupark dongsupark added security security concerns advisory security advisory labels Aug 31, 2023
@dongsupark
Copy link
Member Author

Upstream does not have a new release yet.
We would have to address this issue in the next-next Alpha release.

@dongsupark
Copy link
Member Author

open-vm-tools 12.3.0 is out.

@dongsupark dongsupark moved this from 📝 Needs Triage to ⚒️ In Progress in Flatcar tactical, release planning, and roadmap Sep 1, 2023
@dongsupark dongsupark mentioned this issue Sep 1, 2023
Merged
@github-project-automation github-project-automation bot moved this from ⚒️ In Progress to Implemented in Flatcar tactical, release planning, and roadmap Sep 1, 2023
@dongsupark dongsupark added the cvss/HIGH > 7 && < 9 assessed CVSS label Sep 19, 2023
@github-actions github-actions bot mentioned this issue Nov 9, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
advisory security advisory cvss/HIGH > 7 && < 9 assessed CVSS security security concerns
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Upgrade open-vm-tools in main from 12.2.5 to 12.3.0 flatcar/scripts
1 participant
@dongsupark