VMSA-2017-0013 describes the following CVEs: CVE-2017-4921, CVE-2017-4922, CVE-2017-4923, CVE-2015-5191. Of these, only CVE-2015-5191 is applicable to open-vm-tools and it is partially mitigated via symlink restrictions. It is on the list to be fixed, but is currently rated low.
VMSA-2018-0003 describes CVE-2017-4945, CVE-2017-4946, and CVE-2017-4948. CVE-2017-4945 is applicable to VM tools, but only for Windows guests, so it is not applicable to the open-vm-tools package. CVE-2017-4946 and CVE-2017-4948 are not applicable to open-vm-tools.

You can see the CVE status for the package at http://people.canonical.com/~ubuntu-security/cve/pkg/open-vm-tools.html

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2015-5191
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-4921
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-4922
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-4923
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-4945
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-4946
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-4948

--
https://bugs.launchpad.net/bugs/1741390

Title: Please backport open-vm-tools 2:10.2.0-3 (main) from bionic
