-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 - ----------------------------------------------------------------------- Debian LTS Advisory DLA-3531-1 [email protected] https://www.debian.org/lts/security/ Utkarsh Gupta August 16, 2023 https://wiki.debian.org/LTS - -----------------------------------------------------------------------
Package : open-vm-tools Version : 2:10.3.10-1+deb10u4 CVE ID : CVE-2023-20867 Debian Bug : 1037546 open-vm-tools is a package that provides Open VMware Tools for virtual machines hosted on VMware. It was discovered that Open VM Tools incorrectly handled certain authentication requests. A fully compromised ESXi host can force Open VM Tools to fail to authenticate host-to-guest operations, impacting the confidentiality and integrity of the guest virtual machine. For Debian 10 buster, this problem has been fixed in version 2:10.3.10-1+deb10u4. We recommend that you upgrade your open-vm-tools packages. For the detailed security status of open-vm-tools please refer to its security tracker page at: https://security-tracker.debian.org/tracker/open-vm-tools Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEbJ0QSEqa5Mw4X3xxgj6WdgbDS5YFAmTdBFIACgkQgj6WdgbD S5bTpQ/+JJJuaFcoftve+m5itK7WXEvTKP+pBkYer5F+Hc1wmpA2CXYTGLEHlKGg 9TKW2U+kM3jdBgN75h4V2HrbvDM2VKC0QcQTjxSlAeiZMLs92aPwJp3De9feA4TU SOEHGMeaP3q7pIOHXFkD/RAmAPL9ow4+8AOabvA4Yzb4YZefDK53cydzg6VlOcQ1 GL9XWh6V/C4FqKOLUZRXL9NcQQofj6RKuWI3ZnG3JyLQvr6+ILXwNHj6RovjxFoM +swcMGTdg7lNPV4lVCI8slFBmzBpfiGx8bhfxDL5sRciDlj2kElqETEC/wgVTE+Z KHpIljyQQa1rNVlvBXfkbRGGqIVhaN325NpKb/074REWTxi6rtX9L0TD0cxMVr77 uxTqQl0R6U6IJg5VmC/7cUMdRVFxYQCwHX4nvsgt5+nD1/9URjB3HFdfwfcBnH+z HXmN/LHYuO1ndxVfBuPafAwlv7qXeG+TiSgkK5qknKUt5rcXCh2Qg4j0swrtDMto 2k6A15/sWy1yoveIH1Mp2ofs475IQKaDo+Klye7GO2AS13/VuMZapEEI50s2YjP+ M7q5NRS/Z7lNSnib1mxJ/2R71FcigexAUZyxUtlPqS60jGF15hvtzJzbuH4XRYJj RchnlX+3KpsoHqdepBvTSNgb1KIdvgu3tTHmMB7ynkeCBTnuYrQ= =I6M1 -----END PGP SIGNATURE-----
