Zum Inhalt springen.
Sympa Menü

it-securitynotifies - [IT-SecNots] [SECURITY] [DSA 5919-1] open-vm-tools security update

it-securitynotifies AT lists.piratenpartei.de

Betreff: Sicherheitsankündigungen

Listenarchiv

[IT-SecNots] [SECURITY] [DSA 5919-1] open-vm-tools security update


Chronologisch Thread  
    < Chronologisch >       < Thread >
  • From: Salvatore Bonaccorso <carnil AT debian.org>
  • To: debian-security-announce AT lists.debian.org
  • Subject: [IT-SecNots] [SECURITY] [DSA 5919-1] open-vm-tools security update
  • Date: Wed, 14 May 2025 20:36:35 +0000
  • Authentication-results: lists.piratenpartei.de; dkim=none; spf=none (lists.piratenpartei.de: domain of "bounce-debian-security-announce=it-securitynotifies=lists.piratenpartei.de AT lists.debian.org" has no SPF policy when checking 2001:41b8:202:deb:216:36ff:fe40:4002) smtp.mailfrom="bounce-debian-security-announce=it-securitynotifies=lists.piratenpartei.de AT lists.debian.org"; dmarc=none
  • List-archive: https://lists.debian.org/msgid-search/E1uFIqB-002p6V-DZ AT seger.debian.org
  • List-id: <debian-security-announce.lists.debian.org>
  • List-url: <http://lists.debian.org/debian-security-announce/>
  • Old-dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=debian.org; s=smtpauto.seger; h=Date:Message-Id:Subject:To:From:Reply-To:Cc:MIME-Version: Content-Type:Content-Transfer-Encoding:Content-ID:Content-Description: In-Reply-To:References; bh=jzK7TL71uGzD2OOZgXh20JjkYnukgSUvu3aYwVOKk+M=; b=s2 t4l+f+eodRhXBkGEstr+lyYFiGQR9H07WqLfWu9DuPkyMTN1hc/d73Hze/68m2tf8g4eGKa8tKcBL PVeCeDR8bKIfX89CzNY7xHKoyoy33/ANSaLrpuwb0UV1Q8x7bN1KXL/dkyMemN9/fyTnh716WAp6u 4BDxfgU+t7tegnSvion1ejUSTprJ4ukkYYWwCJIt8Qx6Vqt/UTRxi22S0nU860WwF4RFYjh87hDsp 2PLBfC0c4UKh5wByo7t5e2lAQKx6Qhhk6xEW23dXQyJBM1asiEDc8pO5hM/m6H90BtZtUlSft1H01 BTq2W4J/CEsjBcy530Wnrb3nPGlKLkxw==;
  • Old-return-path: <carnil AT seger.debian.org>
  • Priority: urgent
  • Resent-date: Wed, 14 May 2025 20:37:04 +0000 (UTC)
  • Resent-from: debian-security-announce AT lists.debian.org
  • Resent-message-id: <SMyiuxbGIeE.A.xzhI.w7PJoB@bendel>
  • Resent-sender: debian-security-announce-request AT lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-5919-1 security AT debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
May 14, 2025 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : open-vm-tools
CVE ID : CVE-2025-22247
Debian Bug : 1105159

It was discovered that insecure file handling in open-vm-tools, an open
source implementation of VMware Tools, may allow an unprivileged local
guest user to tamper local files to trigger insecure file operations
within that VM.

For the stable distribution (bookworm), this problem has been fixed in
version 2:12.2.0-1+deb12u3.

We recommend that you upgrade your open-vm-tools packages.

For the detailed security status of open-vm-tools please refer to its
security tracker page at:
https://security-tracker.debian.org/tracker/open-vm-tools

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce AT lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmgk/p1fFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND
z0QzOQ/6A05ASlajboMSqiwKLXyreXigM90UR2aHEnRIqMMnrycbXNmeaBdDwTvF
1frstunmqWLkCUILvbTZYOAUnR/1CvykMRrYwcGhsJ07w3000+ylen8lJMvBYEru
GydqglUxjRWJu80g8DFEGcg5Vy/ZwtMjShdWEWHv3pQuFrYpdlUdbMRDpTMWSGe7
9hX77irgEokZpdby/43dcXoipTjqDSeLtwZwBVtth5x1DQXlXNVgN0Itx3OhGpIt
ImjKmNPDg0BED3ANKmM912B1kD3hJrPty/pxc8DuqJ29Mt3OABa9zesU+UpR8Riw
TUVfwfI6voGpI+OL9hlPgdyJGoD/KxMublzqnGTN9qeGruwX3Fbe5iz1ewpb5nCS
flsMLlAIbYCThajgcpy4+Na662FlrOyAzdYNtOx0fMJfTB9myORP7WuYV7ZLL7T0
H8T/rCDBLbw6JiExnzPNE2CGhQni6ZBfl5Aa1NpefvxxFTcSHNjPhpsDvW6gArHU
833KkTSTkG9dqryMLiBXvM8/Djpsb3kzvtBPnmm7XVJUjsIJVV+VZ9vTl4bpYAX4
KmV/rw686gHba9NSFPR/4qfKkU0tdBnp6Ox8Ov7sUV20Qe+grIUE916i4c1UFmZx
DsD0SrAfSlsN5Qvq1KSFMaT5nXkD1g6PCfV3gllOYFKyh+Ipxok=
=Dp4n
-----END PGP SIGNATURE-----


  • [IT-SecNots] [SECURITY] [DSA 5919-1] open-vm-tools security update, Salvatore Bonaccorso, 14.05.2025

Archiv bereitgestellt durch MHonArc 2.6.19+.

Seitenanfang