ELSA-2022-6358

Опубликовано: 07 сент. 2022

Источник: oracle-oval

Платформа: Oracle Linux 9

Описание

ELSA-2022-6358: open-vm-tools security update (IMPORTANT)

[11.3.5-1.0.1.el9_0.1]

Fix spaces in vmware udev rule for scsi devices [Orabug: 24461968]
Fix vmware udev rule in 99-vmware-scsi-timeout.rules file. [Orabug: 22815019]
Increase timeout for scsi devices on VMWare guests by adding a udev rule. [Orabug: 21819156]

[11.3.5-1.el9_0.1]

ovt-Properly-check-authorization-on-incoming-guestOps-re.patch [bz#2119285]
Resolves: bz#2119285 (CVE-2022-31676 open-vm-tools: local root privilege escalation in the virtual machine [rhel-9.0.0.z])

Обновленные пакеты

Oracle Linux 9

Oracle Linux aarch64

open-vm-tools

11.3.5-1.0.1.el9_0.1

open-vm-tools-desktop

11.3.5-1.0.1.el9_0.1

open-vm-tools-test

11.3.5-1.0.1.el9_0.1

Oracle Linux x86_64

open-vm-tools

11.3.5-1.0.1.el9_0.1

open-vm-tools-desktop

11.3.5-1.0.1.el9_0.1

open-vm-tools-sdmp

11.3.5-1.0.1.el9_0.1

open-vm-tools-test

11.3.5-1.0.1.el9_0.1

Связанные CVE

CVE-2022-31676

Ссылки на источники

Связанные уязвимости

CVE-2022-31676

CVSS3: 7.8

ubuntu

около 3 лет назад

VMware Tools (12.0.0, 11.x.y and 10.x.y) contains a local privilege escalation vulnerability. A malicious actor with local non-administrative access to the Guest OS can escalate privileges as a root user in the virtual machine.