Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2022:2961-1

Опубликовано: 31 авг. 2022
Источник: suse-cvrf

Описание

Security update for open-vm-tools

This update for open-vm-tools fixes the following issues:

  • CVE-2022-31676: Fixed an issue that could allow unprivileged users inside a virtual machine to escalate privileges (bsc#1202657).

Non-security fixes:

  • Update to 11.0.5 (build 15389592) (bsc#1165955) DNS server is reported incorrectly in GuestInfo as '127.0.0.53', when the OS uses systemd-resolved. This issue is fixed in this release. Added Application Discover (appInfo) plugin.
    The plugin collects the information about running applications inside the guest and publishes the information to a guest variable.

  • GCC-10 compiler failure (bsc#1160408) The update will solve a GNU compiler Collection GCC10 failure with -fno-common.

  • Rectify a log spew in vmsvc logging (bsc#1162435, bsc#1162119) When a LSI Logic Parallel SCSI controller sits in PCI bus 0 (SCSI controller 0), the Linux disk device enumeration does not provide a 'label' file with the controller name. This results in messages like 'GuestInfoGetDiskDevice: Missing disk device name; VMDK mapping unavailable for '/var/log', fsName: '/dev/sda2' repeatedly appearing in the vmsvc logging. The update converts what previously was a warning message to a debug message and thus avoids the log spew.

Список пакетов

SUSE Linux Enterprise High Performance Computing 15-ESPOS
libvmtools-devel-11.0.5-150000.3.29.1
libvmtools0-11.0.5-150000.3.29.1
open-vm-tools-11.0.5-150000.3.29.1
open-vm-tools-desktop-11.0.5-150000.3.29.1
SUSE Linux Enterprise High Performance Computing 15-LTSS
libvmtools-devel-11.0.5-150000.3.29.1
libvmtools0-11.0.5-150000.3.29.1
open-vm-tools-11.0.5-150000.3.29.1
open-vm-tools-desktop-11.0.5-150000.3.29.1
SUSE Linux Enterprise Server for SAP Applications 15
libvmtools-devel-11.0.5-150000.3.29.1
libvmtools0-11.0.5-150000.3.29.1
open-vm-tools-11.0.5-150000.3.29.1
open-vm-tools-desktop-11.0.5-150000.3.29.1

Ссылки

Описание

VMware Tools (12.0.0, 11.x.y and 10.x.y) contains a local privilege escalation vulnerability. A malicious actor with local non-administrative access to the Guest OS can escalate privileges as a root user in the virtual machine.

Затронутые продукты
SUSE Linux Enterprise High Performance Computing 15-ESPOS:libvmtools-devel-11.0.5-150000.3.29.1
SUSE Linux Enterprise High Performance Computing 15-ESPOS:libvmtools0-11.0.5-150000.3.29.1
SUSE Linux Enterprise High Performance Computing 15-ESPOS:open-vm-tools-11.0.5-150000.3.29.1
SUSE Linux Enterprise High Performance Computing 15-ESPOS:open-vm-tools-desktop-11.0.5-150000.3.29.1
Ссылки