32061 – open-vm-tools new security issue CVE-2023-20867

Bug 32061 - open-vm-tools new security issue CVE-2023-20867

Summary: open-vm-tools new security issue CVE-2023-20867

Status:	RESOLVED FIXED

Alias:	None

Product:	Mageia
Classification:	Unclassified
Component:	Security (show other bugs)
Version:	Cauldron
Hardware:	All Linux

Priority:	Normal Severity: normal
Target Milestone:	---
Assignee:	All Packagers
QA Contact:	Sec team

URL:
Whiteboard:	MGA8TOO
Keywords:

Depends on:	32454
Blocks:
	Show dependency tree / graph

Reported:	2023-06-30 02:37 CEST by David Walser
Modified:	2024-03-14 18:33 CET (History)
CC List:	1 user (show)

See Also:
Source RPM:	open-vm-tools-12.1.5-2.mga9.src.rpm
CVE:
Status comment:	Fixed upstream in 12.2.5

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description David Walser 2023-06-30 02:37:23 CEST

RedHat has issued an advisory today (June 29):
https://access.redhat.com/errata/RHSA-2023:3948

The issue is fixed upstream in 12.2.5.

Mageia 8 is also affected.

David Walser 2023-06-30 02:37:37 CEST

Whiteboard: (none) => MGA8TOO
Status comment: (none) => Fixed upstream in 12.2.5

Comment 1 Lewis Smith 2023-06-30 20:01:54 CEST

Luigi has to date done all the updates for this pkg, but in the absence of him assigning the bug to himself, it goes global!

Assignee: bugsquad => pkg-bugs

Nicolas Salguero 2024-03-12 10:52:05 CET

Depends on: (none) => 32454

Comment 2 Nicolas Salguero 2024-03-14 18:33:57 CET

Fixed in bug 32454.

Status: NEW => RESOLVED
Resolution: (none) => FIXED
CC: (none) => nicolas.salguero

Note You need to log in before you can comment on or make changes to this bug.