Those CVEs were announced here:
https://www.openwall.com/lists/oss-security/2023/10/27/1
https://www.openwall.com/lists/oss-security/2023/10/27/2

Mageia 9 and 8 are also affected.
The fixes are given in the links above.
Whiteboard: (none) => MGA9TOO, MGA8TOO
Status comment: (none) => Patches available from upstream
Source RPM: (none) => open-vm-tools-12.1.5-2.mga9.src.rpm
CC: (none) => nicolas.salguero
*** Bug 32458 has been marked as a duplicate of this bug. ***
CC: (none) => smelror
https://github.com/vmware/open-vm-tools/releases/tag/stable-12.3.5
Status comment: Patches available from upstream => Fixed upstream in 12.3.5
Assigning to the registered open-vm-tools maintainer
CC: (none) => marja11
Assignee: bugsquad => luigiwalser
Suggested advisory:
========================

The updated packages fix security vulnerabilities:

Authentication bypass vulnerability in the vgauth module. (CVE-2023-20867)

SAML token signature bypass. (CVE-2023-34058)

File descriptor hijack vulnerability in the vmware-user-suid-wrapper. (CVE-2023-34059)

References:
https://access.redhat.com/errata/RHSA-2023:3948
https://www.openwall.com/lists/oss-security/2023/10/27/1
https://www.openwall.com/lists/oss-security/2023/10/27/2
https://github.com/vmware/open-vm-tools/releases/tag/stable-12.3.5
https://www.vmware.com/security/advisories/VMSA-2023-0024.html
========================

Updated packages in core/updates_testing:
========================
open-vm-tools-12.3.5-2.mga9
open-vm-tools-desktop-12.3.5-2.mga9
open-vm-tools-devel-12.3.5-2.mga9
open-vm-tools-salt-minion-12.3.5-2.mga9
open-vm-tools-sdmp-12.3.5-2.mga9
open-vm-tools-test-12.3.5-2.mga9

from SRPM:
open-vm-tools-12.3.5-2.mga9.src.rpm
Status: NEW => ASSIGNED
CVE: (none) => CVE-2023-34058, CVE-2023-34059
Whiteboard: MGA9TOO, MGA8TOO => (none)
Assignee: luigiwalser => qa-bugs
Blocks: (none) => 32061
Version: Cauldron => 9
Status comment: Fixed upstream in 12.3.5 => (none)
Keywords: (none) => advisory
MGA9-64 Plasma Wayland on HP-Pavilion
No installation issues.
This laptop is not powerful enough to run VMware, so ref bug 30770, OK on clean install.
Whiteboard: (none) => MGA9-64-OK
CC: (none) => herman.viaene
Validating.
Keywords: (none) => validated_update
CC: (none) => andrewsfarm, sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository.
https://advisories.mageia.org/MGASA-2024-0058.html
Resolution: (none) => FIXED
Status: ASSIGNED => RESOLVED