
Ubuntu 18.04/16.04 LTS: USN-6463-2 critical: Open VM Tools issues

December 6, 2023
Essential patches for Open VM Tools address several security flaws in Ubuntu's 16.04 and 18.04 Long Term Support editions.

Summary

Several security issues were fixed in Open VM Tools.

Software Description:

- open-vm-tools: Open VMware Tools for virtual machines hosted on VMware

Details:

USN-6463-1 fixed vulnerabilities in Open VM Tools. This update provides
the corresponding updates for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS.

Original advisory details:

 It was discovered that Open VM Tools incorrectly handled SAML tokens. A
 remote attacker with Guest Operations privileges could possibly use this
 issue to elevate their privileges. (CVE-2023-34058)

 Matthias Gerstner discovered that Open VM Tools incorrectly handled file
 descriptors when dropping privileges. A local attacker could possibly use
 this issue to hijack /dev/uinput and simulate user inputs.
 (CVE-2023-34059)

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS (Available with Ubuntu Pro):
   open-vm-tools           2:11.0.5-4ubuntu0.18.04.3+esm3
   open-vm-tools-desktop   2:11.0.5-4ubuntu0.18.04.3+esm3

Ubuntu 16.04 LTS (Available with Ubuntu Pro):
   open-vm-tools           2:10.2.0-3~ubuntu0.16.04.1+esm4
   open-vm-tools-desktop   2:10.2.0-3~ubuntu0.16.04.1+esm4

In general, a standard system update will make all the necessary changes.
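
To confirm that a host really carries the fixed packages, the following added example (not part of the Ubuntu notice) checks installed versions against the versions listed above using Debian version ordering, which plain string comparison gets wrong because of the epoch, `~` and `+esm` parts. The function names and the sample input lines are this example's own and are constructed for illustration.

```python
import re
from itertools import zip_longest

# Fixed versions copied from the advisory's update instructions.
FIXED = {
    "18.04": "2:11.0.5-4ubuntu0.18.04.3+esm3",
    "16.04": "2:10.2.0-3~ubuntu0.16.04.1+esm4",
}
PACKAGES = ("open-vm-tools", "open-vm-tools-desktop")

def _sign(x, y):
    return (x > y) - (x < y)

def _rank(c):
    # '~' sorts before end-of-run (0); letters sort before other punctuation.
    return -1 if c == "~" else ord(c) if c.isalpha() else ord(c) + 256

def _cmp_part(a, b):
    # Compare alternating non-digit / digit runs, as Debian policy describes.
    runs = lambda s: re.findall(r"([^0-9]*)([0-9]*)", s)
    for (ta, da), (tb, db) in zip_longest(runs(a), runs(b), fillvalue=("", "")):
        width = max(len(ta), len(tb))
        ra = [_rank(c) for c in ta] + [0] * (width - len(ta))
        rb = [_rank(c) for c in tb] + [0] * (width - len(tb))
        diff = _sign(ra, rb) or _sign(int(da or 0), int(db or 0))
        if diff:
            return diff
    return 0

def _split(v):
    # [epoch:]upstream[-revision]; epoch defaults to 0, revision to empty.
    epoch, rest = v.split(":", 1) if ":" in v else ("0", v)
    upstream, sep, rev = rest.rpartition("-")
    return int(epoch), (upstream if sep else rest), (rev if sep else "")

def deb_compare(a, b):
    """Return -1, 0 or 1 using Debian version ordering."""
    (ea, ua, ra), (eb, ub, rb) = _split(a), _split(b)
    return _sign(ea, eb) or _cmp_part(ua, ub) or _cmp_part(ra, rb)

def audit(release, dpkg_lines):
    """Map each affected package to True when installed >= fixed version."""
    rows = (line.split() for line in dpkg_lines)
    return {r[0]: deb_compare(r[1], FIXED[release]) >= 0
            for r in rows if len(r) == 2 and r[0] in PACKAGES}

# Constructed sample of: dpkg-query -W -f='${Package} ${Version}\n' <packages>
SAMPLE_1804 = [
    "open-vm-tools 2:11.0.5-4ubuntu0.18.04.3",
    "open-vm-tools-desktop 2:11.0.5-4ubuntu0.18.04.3+esm3",
]
```

On a real host, feed `audit` the output of the `dpkg-query` command shown in the comment; a `False` entry means that package is still below the fixed version for that release.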

References

  https://ubuntu.com/security/notices/USN-6463-2

  https://ubuntu.com/security/notices/USN-6463-1

  CVE-2023-34058, CVE-2023-34059

Severity
critical

Ubuntu Security Notice USN-6463-2
