Описание
Security update for open-vm-tools
This update for open-vm-tools fixes the following issues:
Update to 12.5.2:
Security fixes:
- CVE-2025-22247: Fixed Insecure file handling (bsc#1243106)
Other fixes:
- Fixed GCC 15 compile time error (bsc#1241938)
- Fixed building with containerd 1.7.25+ (bsc#1237147)
Full changelog:
https://github.com/vmware/open-vm-tools/blob/stable-12.5.2/ReleaseNotes.md https://github.com/vmware/open-vm-tools/blob/stable-12.5.2/open-vm-tools/ChangeLog
Список пакетов
SUSE Linux Enterprise Server LTSS Extended Security 12 SP5
libvmtools0-12.5.2-4.83.1
open-vm-tools-12.5.2-4.83.1
open-vm-tools-desktop-12.5.2-4.83.1
open-vm-tools-salt-minion-12.5.2-4.83.1
open-vm-tools-sdmp-12.5.2-4.83.1
Ссылки
- Link for SUSE-SU-2025:01778-1
- E-Mail link for SUSE-SU-2025:01778-1
- SUSE Security Ratings
- SUSE Bug 1237147
- SUSE Bug 1241938
- SUSE Bug 1243106
- SUSE CVE CVE-2025-22247 page
Описание
VMware Tools contains an insecure file handling vulnerability. A malicious actor with non-administrative privileges on a guest VM may tamper the local files to trigger insecure file operations within that VM.
Затронутые продукты
SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libvmtools0-12.5.2-4.83.1
SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:open-vm-tools-12.5.2-4.83.1
SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:open-vm-tools-desktop-12.5.2-4.83.1
SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:open-vm-tools-salt-minion-12.5.2-4.83.1
Ссылки
- CVE-2025-22247
- SUSE Bug 1243106