Bug#1054666: marked as done (open-vm-tools: CVE-2023-34059 CVE-2023-34058)
Your message dated Tue, 07 Nov 2023 21:17:46 + with message-id and subject line Bug#1054666: fixed in open-vm-tools 2:11.2.5-2+deb11u3 has caused the Debian Bug report #1054666, regarding open-vm-tools: CVE-2023-34059 CVE-2023-34058 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1054666: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1054666 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Source: open-vm-tools X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, The following vulnerabilities were published for open-vm-tools. CVE-2023-34059[0]: | open-vm-tools contains a file descriptor hijack vulnerability in the | vmware-user-suid-wrapper. A malicious actor with non-root privileges | may be able to hijack the /dev/uinput file descriptor allowing them | to simulate user inputs. https://www.openwall.com/lists/oss-security/2023/10/27/3 CVE-2023-34058[1]: | VMware Tools contains a SAML token signature bypass vulnerability. A | malicious actor that has been granted Guest Operation Privileges | https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere- | security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html in a target | virtual machine may be able to elevate their privileges if that | target virtual machine has been assigned a more privileged Guest | Alias https://vdc-download.vmware.com/vmwb-repository/dcr- | public/d1902b0e-d479-46bf-8ac9-cee0e31e8ec0/07ce8dbd- | db48-4261-9b8f-c6d3ad8ba472/vim.vm.guest.AliasManager.html . https://www.openwall.com/lists/oss-security/2023/10/27/1 https://github.com/vmware/open-vm-tools/blob/CVE-2023-34058.patch/CVE-2023-34058.patch If you fix the vulnerabilities please also make sure to include the CVE (Common Vulnerabilities & Exposures) ids in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2023-34059 https://www.cve.org/CVERecord?id=CVE-2023-34059 [1] https://security-tracker.debian.org/tracker/CVE-2023-34058 https://www.cve.org/CVERecord?id=CVE-2023-34058 Please adjust the affected versions in the BTS as needed. --- End Message --- --- Begin Message --- Source: open-vm-tools Source-Version: 2:11.2.5-2+deb11u3 Done: Bernd Zeimetz We believe that the bug you reported is fixed in the latest version of open-vm-tools, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 1054...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Bernd Zeimetz (supplier of updated open-vm-tools package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Mon, 30 Oct 2023 18:02:12 +0100 Source: open-vm-tools Architecture: source Version: 2:11.2.5-2+deb11u3 Distribution: bullseye-security Urgency: medium Maintainer: Bernd Zeimetz Changed-By: Bernd Zeimetz Closes: 1054666 Changes: open-vm-tools (2:11.2.5-2+deb11u3) bullseye-security; urgency=medium . * Closes: #1054666 * [5f241c9] Fixing CVE-2023-34059. This fixes a file descriptor hijack vulnerability in the vmware-user-suid-wrapper command. A malicious actor with non-root privileges might have been able to hijack the /dev/uinput file descriptor allowing them to simulate user inputs. * [0c3fe2a] Fixing CVE-2023-34058. This fixes a SAML Token Signature Bypass vulnerability. A malicious actor that has been granted Guest Operation Privileges in a target virtual machine might have been able to elevate their privileges if that target virtual machine has been assigned a more privileged Guest Alias. Checksums-Sha1: 6a25a3de4c99bbdef3d30c8defd1834f24cbf5a3 2496 open-vm-tools_11.2.5-2+deb11u3.dsc 738ecd78a07d8e9809b8dd190f70a8e606199265 37352 open-vm-tools_11.2.5-2+deb11u3.debian.tar.xz 955fd8dee72124208fcdc91b093e67fb53992c01 5533 open-vm-tools_11.2.5-2+deb11u3_source.buildinfo Checksums-Sha256: e20bbd5f994469d2b78af4c2ab0d2c7d442961b05250a5f87888663ee054f100 2496 open-vm-tools_11.2.5-2+deb11u3.dsc 06fa96d0d2f310bfaad5fe6fb4d0f6f5b2e04707bc52ab19383b7752ee7a021e 37352 open-vm-tools_11.2.5-2+deb11u3.debian.tar.xz ffe0ea84911c3facf6e7bf1d1b1c7696d9f483cc8e123a24b54b813f2b6ab6af 5533
Bug#1054666: marked as done (open-vm-tools: CVE-2023-34059 CVE-2023-34058)
Your message dated Sat, 04 Nov 2023 12:47:09 + with message-id and subject line Bug#1054666: fixed in open-vm-tools 2:12.2.0-1+deb12u2 has caused the Debian Bug report #1054666, regarding open-vm-tools: CVE-2023-34059 CVE-2023-34058 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1054666: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1054666 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Source: open-vm-tools X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, The following vulnerabilities were published for open-vm-tools. CVE-2023-34059[0]: | open-vm-tools contains a file descriptor hijack vulnerability in the | vmware-user-suid-wrapper. A malicious actor with non-root privileges | may be able to hijack the /dev/uinput file descriptor allowing them | to simulate user inputs. https://www.openwall.com/lists/oss-security/2023/10/27/3 CVE-2023-34058[1]: | VMware Tools contains a SAML token signature bypass vulnerability. A | malicious actor that has been granted Guest Operation Privileges | https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere- | security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html in a target | virtual machine may be able to elevate their privileges if that | target virtual machine has been assigned a more privileged Guest | Alias https://vdc-download.vmware.com/vmwb-repository/dcr- | public/d1902b0e-d479-46bf-8ac9-cee0e31e8ec0/07ce8dbd- | db48-4261-9b8f-c6d3ad8ba472/vim.vm.guest.AliasManager.html . https://www.openwall.com/lists/oss-security/2023/10/27/1 https://github.com/vmware/open-vm-tools/blob/CVE-2023-34058.patch/CVE-2023-34058.patch If you fix the vulnerabilities please also make sure to include the CVE (Common Vulnerabilities & Exposures) ids in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2023-34059 https://www.cve.org/CVERecord?id=CVE-2023-34059 [1] https://security-tracker.debian.org/tracker/CVE-2023-34058 https://www.cve.org/CVERecord?id=CVE-2023-34058 Please adjust the affected versions in the BTS as needed. --- End Message --- --- Begin Message --- Source: open-vm-tools Source-Version: 2:12.2.0-1+deb12u2 Done: Bernd Zeimetz We believe that the bug you reported is fixed in the latest version of open-vm-tools, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 1054...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Bernd Zeimetz (supplier of updated open-vm-tools package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Mon, 30 Oct 2023 17:59:25 +0100 Source: open-vm-tools Architecture: source Version: 2:12.2.0-1+deb12u2 Distribution: bookworm-security Urgency: medium Maintainer: Bernd Zeimetz Changed-By: Bernd Zeimetz Closes: 1054666 Changes: open-vm-tools (2:12.2.0-1+deb12u2) bookworm-security; urgency=medium . * Closes: #1054666 * [81326c8] Fixing CVE-2023-34059. This fixes a file descriptor hijack vulnerability in the vmware-user-suid-wrapper command. A malicious actor with non-root privileges might have been able to hijack the /dev/uinput file descriptor allowing them to simulate user inputs. * [95acc49] Fixing CVE-2023-34058. This fixes a SAML Token Signature Bypass vulnerability. A malicious actor that has been granted Guest Operation Privileges in a target virtual machine might have been able to elevate their privileges if that target virtual machine has been assigned a more privileged Guest Alias. Checksums-Sha1: 6bfc93c62dc26555754cb91846a166389b7ac672 2944 open-vm-tools_12.2.0-1+deb12u2.dsc 112cd82f38ebb66afb77c2a3c5a5311f86fa0c39 39740 open-vm-tools_12.2.0-1+deb12u2.debian.tar.xz 2a86f97839b4fa6410d03254d6ba98a590673773 5533 open-vm-tools_12.2.0-1+deb12u2_source.buildinfo Checksums-Sha256: b33137fe8ac9e50003a90026efd74fd20962dfb4e877cc80fe4401187e190e55 2944 open-vm-tools_12.2.0-1+deb12u2.dsc 86b76972e193a0c41eafa79005c977e24cd619b76a9b0f8f007b36d241ee951a 39740 open-vm-tools_12.2.0-1+deb12u2.debian.tar.xz 9b93eaff53e9fc75f1923b0ebe29875847f73105e6d96176f645d3e24f5f476d 5533
Bug#1054666: marked as done (open-vm-tools: CVE-2023-34059 CVE-2023-34058)
Your message dated Sat, 28 Oct 2023 00:36:39 + with message-id and subject line Bug#1054666: fixed in open-vm-tools 2:12.3.5-1 has caused the Debian Bug report #1054666, regarding open-vm-tools: CVE-2023-34059 CVE-2023-34058 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1054666: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1054666 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Source: open-vm-tools X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, The following vulnerabilities were published for open-vm-tools. CVE-2023-34059[0]: | open-vm-tools contains a file descriptor hijack vulnerability in the | vmware-user-suid-wrapper. A malicious actor with non-root privileges | may be able to hijack the /dev/uinput file descriptor allowing them | to simulate user inputs. https://www.openwall.com/lists/oss-security/2023/10/27/3 CVE-2023-34058[1]: | VMware Tools contains a SAML token signature bypass vulnerability. A | malicious actor that has been granted Guest Operation Privileges | https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere- | security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html in a target | virtual machine may be able to elevate their privileges if that | target virtual machine has been assigned a more privileged Guest | Alias https://vdc-download.vmware.com/vmwb-repository/dcr- | public/d1902b0e-d479-46bf-8ac9-cee0e31e8ec0/07ce8dbd- | db48-4261-9b8f-c6d3ad8ba472/vim.vm.guest.AliasManager.html . https://www.openwall.com/lists/oss-security/2023/10/27/1 https://github.com/vmware/open-vm-tools/blob/CVE-2023-34058.patch/CVE-2023-34058.patch If you fix the vulnerabilities please also make sure to include the CVE (Common Vulnerabilities & Exposures) ids in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2023-34059 https://www.cve.org/CVERecord?id=CVE-2023-34059 [1] https://security-tracker.debian.org/tracker/CVE-2023-34058 https://www.cve.org/CVERecord?id=CVE-2023-34058 Please adjust the affected versions in the BTS as needed. --- End Message --- --- Begin Message --- Source: open-vm-tools Source-Version: 2:12.3.5-1 Done: Bernd Zeimetz We believe that the bug you reported is fixed in the latest version of open-vm-tools, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 1054...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Bernd Zeimetz (supplier of updated open-vm-tools package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Sat, 28 Oct 2023 01:41:22 +0200 Source: open-vm-tools Architecture: source Version: 2:12.3.5-1 Distribution: unstable Urgency: high Maintainer: Bernd Zeimetz Changed-By: Bernd Zeimetz Closes: 1046018 1054662 1054666 Changes: open-vm-tools (2:12.3.5-1) unstable; urgency=high . * [1b07bee] Remove api doc build dir with dh_clean. Thanks to Lucas Nussbaum (Closes: #1046018) * [de2e0ba] New upstream version 12.3.5 (Closes: #1054662) - New upstream release fixes two CVEs: CVE-2023-34059 CVE-2023-34058 Closes: #1054666 Checksums-Sha1: 7ba0c12eb4cd20d9d0c0ac267d1625a10ee6c21b 2912 open-vm-tools_12.3.5-1.dsc 585d1c3fd8fe109b0e33f367f9d8b782a3aeb643 1811404 open-vm-tools_12.3.5.orig.tar.xz 25fc5b74603f27c0e0d4171be07a95922ebcefa5 34004 open-vm-tools_12.3.5-1.debian.tar.xz 121fe2b554c53367a2f94bb561f1f023886ee420 5493 open-vm-tools_12.3.5-1_source.buildinfo Checksums-Sha256: 538bdf8a4a60cb5847faf417d764af64d286d0a3da72d004c3011793cbeb6c71 2912 open-vm-tools_12.3.5-1.dsc a8c4f6a6780710c71fa00544951a76a3e321eaff530c5258cdd7744e685ef1e1 1811404 open-vm-tools_12.3.5.orig.tar.xz ee966560e9266fc6f56acb9d325658e03ed5e890a6c4be6cdc0a558e1116e181 34004 open-vm-tools_12.3.5-1.debian.tar.xz 3c14fa9cc95e62830c89458f32205e506ff56a2adc834e2f334804051a3fc39f 5493 open-vm-tools_12.3.5-1_source.buildinfo Files: 5f4c188731a287db6b752f40f03337ed 2912 admin optional open-vm-tools_12.3.5-1.dsc 830e21bdd65a2cea02c26703065bd0f5 1811404 admin optional open-vm-tools_12.3.5.orig.tar.xz df69cdd0cc88d8e90c2088a1f850a591 34004 admin optional