SUSE-SU-2023:2604-1

Опубликовано: 22 июн. 2023

Источник: suse-cvrf

Описание

Security update for open-vm-tools

This update for open-vm-tools fixes the following issues:

CVE-2023-20867: Fixed authentication bypass vulnerability in the vgauth module (bsc#1212143).

Bug fixes:

Fixed build problem with grpc 1.54 (bsc#1210695).

Список пакетов

Container suse/sle-micro-rancher/5.2:latest

libvmtools0-12.2.0-150300.29.1

open-vm-tools-12.2.0-150300.29.1

Container suse/sle-micro-rancher/5.3:latest

libvmtools0-12.2.0-150300.29.1

open-vm-tools-12.2.0-150300.29.1

Container suse/sle-micro-rancher/5.4:latest

libvmtools0-12.2.0-150300.29.1

open-vm-tools-12.2.0-150300.29.1

Container suse/sle-micro/5.5:latest

libvmtools0-12.2.0-150300.29.1

open-vm-tools-12.2.0-150300.29.1

Image SLES15-SP3-CHOST-BYOS-SAP-CCloud

libvmtools0-12.2.0-150300.29.1

open-vm-tools-12.2.0-150300.29.1

Image SLES15-SP4-CHOST-BYOS-SAP-CCloud

libvmtools0-12.2.0-150300.29.1

open-vm-tools-12.2.0-150300.29.1

Image SLES15-SP5-CHOST-BYOS-SAP-CCloud

libvmtools0-12.2.0-150300.29.1

open-vm-tools-12.2.0-150300.29.1

SUSE Linux Enterprise Micro 5.1

libvmtools0-12.2.0-150300.29.1

open-vm-tools-12.2.0-150300.29.1

SUSE Linux Enterprise Micro 5.2

libvmtools0-12.2.0-150300.29.1

open-vm-tools-12.2.0-150300.29.1

SUSE Linux Enterprise Micro 5.3

libvmtools0-12.2.0-150300.29.1

open-vm-tools-12.2.0-150300.29.1

SUSE Linux Enterprise Micro 5.4

libvmtools0-12.2.0-150300.29.1

open-vm-tools-12.2.0-150300.29.1

SUSE Linux Enterprise Module for Basesystem 15 SP4

libvmtools-devel-12.2.0-150300.29.1

libvmtools0-12.2.0-150300.29.1

open-vm-tools-12.2.0-150300.29.1

open-vm-tools-salt-minion-12.2.0-150300.29.1

open-vm-tools-sdmp-12.2.0-150300.29.1

SUSE Linux Enterprise Module for Basesystem 15 SP5

libvmtools-devel-12.2.0-150300.29.1

libvmtools0-12.2.0-150300.29.1

open-vm-tools-12.2.0-150300.29.1

open-vm-tools-salt-minion-12.2.0-150300.29.1

open-vm-tools-sdmp-12.2.0-150300.29.1

SUSE Linux Enterprise Module for Desktop Applications 15 SP4

open-vm-tools-desktop-12.2.0-150300.29.1

SUSE Linux Enterprise Module for Desktop Applications 15 SP5

open-vm-tools-desktop-12.2.0-150300.29.1

SUSE Linux Enterprise Real Time 15 SP3

libvmtools-devel-12.2.0-150300.29.1

libvmtools0-12.2.0-150300.29.1

open-vm-tools-12.2.0-150300.29.1

open-vm-tools-desktop-12.2.0-150300.29.1

open-vm-tools-sdmp-12.2.0-150300.29.1

openSUSE Leap 15.4

libvmtools-devel-12.2.0-150300.29.1

libvmtools0-12.2.0-150300.29.1

open-vm-tools-12.2.0-150300.29.1

open-vm-tools-desktop-12.2.0-150300.29.1

open-vm-tools-salt-minion-12.2.0-150300.29.1

open-vm-tools-sdmp-12.2.0-150300.29.1

openSUSE Leap 15.5

libvmtools-devel-12.2.0-150300.29.1

libvmtools0-12.2.0-150300.29.1

open-vm-tools-12.2.0-150300.29.1

open-vm-tools-desktop-12.2.0-150300.29.1

open-vm-tools-salt-minion-12.2.0-150300.29.1

open-vm-tools-sdmp-12.2.0-150300.29.1

openSUSE Leap Micro 5.3

libvmtools0-12.2.0-150300.29.1

open-vm-tools-12.2.0-150300.29.1

Ссылки

https://www.suse.com/support/update/announcement/2023/suse-su-20232604-1/
Link for SUSE-SU-2023:2604-1
https://lists.suse.com/pipermail/sle-updates/2023-June/029997.html
E-Mail link for SUSE-SU-2023:2604-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1210695
SUSE Bug 1210695
https://bugzilla.suse.com/1212143
SUSE Bug 1212143
https://www.suse.com/security/cve/CVE-2023-20867/
SUSE CVE CVE-2023-20867 page

Описание

A fully compromised ESXi host can force VMware Tools to fail to authenticate host-to-guest operations, impacting the confidentiality and integrity of the guest virtual machine.

Затронутые продукты

Container suse/sle-micro-rancher/5.2:latest:libvmtools0-12.2.0-150300.29.1

Container suse/sle-micro-rancher/5.2:latest:open-vm-tools-12.2.0-150300.29.1

Container suse/sle-micro-rancher/5.3:latest:libvmtools0-12.2.0-150300.29.1

Container suse/sle-micro-rancher/5.3:latest:open-vm-tools-12.2.0-150300.29.1

Ссылки

https://www.suse.com/security/cve/CVE-2023-20867.html
CVE-2023-20867
https://bugzilla.suse.com/1212143
SUSE Bug 1212143
https://bugzilla.suse.com/1214402
SUSE Bug 1214402

SUSE-SU-2023:2604-1

Описание

Список пакетов

Container suse/sle-micro-rancher/5.2:latest

Container suse/sle-micro-rancher/5.3:latest

Container suse/sle-micro-rancher/5.4:latest

Container suse/sle-micro/5.5:latest

Image SLES15-SP3-CHOST-BYOS-SAP-CCloud

Image SLES15-SP4-CHOST-BYOS-SAP-CCloud

Image SLES15-SP5-CHOST-BYOS-SAP-CCloud

SUSE Linux Enterprise Micro 5.1

SUSE Linux Enterprise Micro 5.2

SUSE Linux Enterprise Micro 5.3

SUSE Linux Enterprise Micro 5.4

SUSE Linux Enterprise Module for Basesystem 15 SP4

SUSE Linux Enterprise Module for Basesystem 15 SP5

SUSE Linux Enterprise Module for Desktop Applications 15 SP4

SUSE Linux Enterprise Module for Desktop Applications 15 SP5

SUSE Linux Enterprise Real Time 15 SP3

openSUSE Leap 15.4

openSUSE Leap 15.5

openSUSE Leap Micro 5.3

Ссылки

Уязвимость: CVE-2023-20867

Описание

Затронутые продукты

Ссылки