Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2025:1565-1

Опубликовано: 16 мая 2025
Источник: suse-cvrf

Описание

Security update for open-vm-tools

This update for open-vm-tools fixes the following issues:

Update to 12.5.2:

Security fixes:

  • CVE-2025-22247: Fixed Insecure file handling (bsc#1243106)

Other fixes:

  • Fixed GCC 15 compile time error (bsc#1241938)
  • Fix building with containerd 1.7.25+ (bsc#1237147)

Full changelog:

https://github.com/vmware/open-vm-tools/blob/stable-12.5.2/ReleaseNotes.md https://github.com/vmware/open-vm-tools/blob/stable-12.5.2/open-vm-tools/ChangeLog

Список пакетов

SUSE Linux Enterprise Module for Basesystem 15 SP6
libvmtools-devel-12.5.2-150600.3.12.1
libvmtools0-12.5.2-150600.3.12.1
open-vm-tools-12.5.2-150600.3.12.1
open-vm-tools-salt-minion-12.5.2-150600.3.12.1
open-vm-tools-sdmp-12.5.2-150600.3.12.1
SUSE Linux Enterprise Module for Containers 15 SP6
open-vm-tools-containerinfo-12.5.2-150600.3.12.1
SUSE Linux Enterprise Module for Desktop Applications 15 SP6
open-vm-tools-desktop-12.5.2-150600.3.12.1
openSUSE Leap 15.6
libvmtools-devel-12.5.2-150600.3.12.1
libvmtools0-12.5.2-150600.3.12.1
open-vm-tools-12.5.2-150600.3.12.1
open-vm-tools-containerinfo-12.5.2-150600.3.12.1
open-vm-tools-desktop-12.5.2-150600.3.12.1
open-vm-tools-salt-minion-12.5.2-150600.3.12.1
open-vm-tools-sdmp-12.5.2-150600.3.12.1

Ссылки

Описание

VMware Tools contains an insecure file handling vulnerability. A malicious actor with non-administrative privileges on a guest VM may tamper the local files to trigger insecure file operations within that VM.

Затронутые продукты
SUSE Linux Enterprise Module for Basesystem 15 SP6:libvmtools-devel-12.5.2-150600.3.12.1
SUSE Linux Enterprise Module for Basesystem 15 SP6:libvmtools0-12.5.2-150600.3.12.1
SUSE Linux Enterprise Module for Basesystem 15 SP6:open-vm-tools-12.5.2-150600.3.12.1
SUSE Linux Enterprise Module for Basesystem 15 SP6:open-vm-tools-salt-minion-12.5.2-150600.3.12.1
Ссылки