|
|
Subscribe / Log in / New account

Debian alert DLA-4316-1 (open-vm-tools)



From:
              Thorsten Alteholz <debian@alteholz.de>


To:
              debian-lts-announce@lists.debian.org


Subject:
              [SECURITY] [DLA 4316-1] open-vm-tools security update


Date:
              Wed, 01 Oct 2025 05:47:53 +0000


Message-ID:
              <fcc1e1c-f43d-85c9-69e5-7a6b781dff86@alteholz.de>


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-4316-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                    Thorsten Alteholz
September 30, 2025                            https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : open-vm-tools
Version        : 2:11.2.5-2+deb11u5
CVE ID         : CVE-2025-41244


An issue was found in open-vm-tools, a set of tools for VMs hosted on
VMware. The issue is related to a local privilege escalation in
combination with the get-versions.sh script, shipped with the service
discovery plugin (open-vm-tools-sdmp).


For Debian 11 bullseye, this problem has been fixed in version
2:11.2.5-2+deb11u5.

We recommend that you upgrade your open-vm-tools packages.

For the detailed security status of open-vm-tools please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/open-vm-tools

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAmjcwIlfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy
MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcACgkQlvysDTh7
WEe9hA/+JH/NKEKGOR+LGDI3FP603Yrj3wbYln8j9JP/jvp07TcC54BNI4b25h49
k40w1VFV7uBgL93nWiAIiusXOHFaBtVFCnI20IhaSa98OIkyIRhiKHuec1PeY1vp
FbveMBTCG6E+4Gl4a+OJ51ZIfYj2sqbCppnfE78G1o42p/lMZ7KaNMqVJeSyDqAq
M02sm7tWhjB99FWBCw+sh0ZRUZji+583/wL8Gax8/Quh4P8tQWMOKlp1jrdIRF/9
zSMmPoGmkisEW8Ihh0DB0n+HCKY6lHSHz5Hh32F1B95Sg6YFjYXuk2P317IgoH73
MJ1SG6tzm2KyNVTVXT2DZDDiDd3a5NHVdrLNWxxTsCGwT0v8DBiz3LP5aG6KrFb1
r8inhbo33wS6BCfG+D4OY6ORSoFI9O6TsQLMlliPwQNDPEA2vYo8boak9fUhxhw1
WFgFv7uJrPa8Pao9xuNsQNCQL9MRAPb+IMmG39H1ikQKEi39QA9WItck6JkJiXlR
LQ/dVZ/DJ9aVAEJymhCgFLR+iUnvMXjNoariBlDeACYMWQZW12wVEM+6h7+iwDNx
D7tWjIHvikkS+iAxxo6C9FICeh6aA6EWzjyyTYFSq5jjMLXO9uGeFmiAbjdG49AI
FKxieP0AihJfMPTwo00j/9HmpCEwFVbn5iLnXBEHntMh2YMKPRQ=
=ErNv
-----END PGP SIGNATURE-----
to post comments


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds