UbuntuUpdates.org

Package "open-vm-tools-containerinfo"

Name: open-vm-tools-containerinfo

Description:

Open VMware Tools for VMs hosted on VMware (Service Discovery Plugin)

Latest version: 2:12.3.5-3~ubuntu0.22.04.1
Release: jammy (22.04)
Level: updates
Repository: main
Head package: open-vm-tools
Homepage: https://github.com/vmware/open-vm-tools

Links


Download "open-vm-tools-containerinfo"


Other versions of "open-vm-tools-containerinfo" in Jammy

Repository Area Version
security main 2:12.1.5-3~ubuntu0.22.04.4

Changelog

Version: 2:12.3.5-3~ubuntu0.22.04.1 2024-02-08 19:07:00 UTC

  open-vm-tools (2:12.3.5-3~ubuntu0.22.04.1) jammy; urgency=medium

  * Backport recent open-vm-tools release v12.3.5
    (LP: #2028420)

Source diff to previous version
2028420 Backport open-vm-tools 12.3.5 for jammy, lunar and mantic

Version: 2:12.1.5-3~ubuntu0.22.04.4 2023-10-31 17:13:42 UTC

  open-vm-tools (2:12.1.5-3~ubuntu0.22.04.4) jammy-security; urgency=medium

  * SECURITY UPDATE: SAML Bypass
    - debian/patches/CVE-2023-34058.patch: don't accept tokens with
      unrelated certs in open-vm-tools/vgauth/common/certverify.c,
      open-vm-tools/vgauth/common/certverify.h,
      open-vm-tools/vgauth/common/prefs.h,
      open-vm-tools/vgauth/serviceImpl/saml-xmlsec1.c.
    - CVE-2023-34058
  * SECURITY UPDATE: file descriptor hijack
    - debian/patches/CVE-2023-34059.patch: change privilege dropping order
      in open-vm-tools/services/vmtoolsd/mainPosix.c,
      open-vm-tools/vmware-user-suid-wrapper/main.c.
    - CVE-2023-34059

 -- Marc Deslauriers <email address hidden> Fri, 27 Oct 2023 07:38:17 -0400

Source diff to previous version
CVE-2023-34058 VMware Tools contains a SAML token signature bypass vulnerability. A malicious actor that has been granted Guest Operation Privileges https://docs.v

Version: 2:12.1.5-3~ubuntu0.22.04.3 2023-09-13 18:07:52 UTC

  open-vm-tools (2:12.1.5-3~ubuntu0.22.04.3) jammy-security; urgency=medium

  * SECURITY UPDATE: SAML token signature bypass vulnerability
    - debian/patches/CVE-2023-20900.patch: Allow only X509 certs to verify
      the SAML token signature in
      open-vm-tools/vgauth/serviceImpl/saml-xmlsec1.c.
    - CVE-2023-20900

 -- Marc Deslauriers <email address hidden> Mon, 11 Sep 2023 14:45:55 -0400

Source diff to previous version
CVE-2023-20900 A malicious actor that has been granted Guest Operation Privileges https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E

Version: 2:12.1.5-3~ubuntu0.22.04.2 2023-07-27 07:07:03 UTC

  open-vm-tools (2:12.1.5-3~ubuntu0.22.04.2) jammy-security; urgency=medium

  * SECURITY UPDATE: authentication bypass vulnerability
    - debian/patches/CVE-2023-20867.patch: Remove some dead code
    - CVE-2023-20867

 -- Nishit Majithia <email address hidden> Tue, 25 Jul 2023 09:39:02 +0530

Source diff to previous version
CVE-2023-20867 A fully compromised ESXi host can force VMware Tools to fail to authenticate host-to-guest operations, impacting the confidentiality and integrity of

Version: 2:12.1.5-3~ubuntu0.22.04.1 2023-06-01 15:07:21 UTC

  open-vm-tools (2:12.1.5-3~ubuntu0.22.04.1) jammy; urgency=medium

  * Backport recent open-vm-tools release v12.1.5
    (LP: #1998558)
  * d/control: Add libabsl-dev as explicit build-dependency.
    - (Closes #1032305)

 -- Bryce Harrington <email address hidden> Thu, 16 Mar 2023 23:57:03 +0000

1998558 open-vm-tools 12.1.5 has been released
1032305 open-vm-tools: ld reports cannot find -labsl_synchronization when building



About   -   Send Feedback to @ubuntu_updates