Debian alert DLA-3081-1 (open-vm-tools)

From:
             
 
Abhijith PA <abhijith@debian.org>
To:
             
 
debian-lts-announce@lists.debian.org
Subject:
             
 
[SECURITY] [DLA 3081-1] open-vm-tools security update
Date:
             
 
Thu, 25 Aug 2022 12:51:22 +0530
Message-ID:
             
 
<Ywci8qr1imPj+QfB@debian.org>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-3081-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                          Abhijith PA
August 25, 2022                               https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : open-vm-tools
Version        : 2:10.3.10-1+deb10u3
CVE ID         : CVE-2022-31676

open-vm-tools contains a local privilege escalation vulnerability. A 
malicious actor with local non-administrative access to the Guest OS 
can escalate privileges as a root user in the virtual machine.

For Debian 10 buster, this problem has been fixed in version
2:10.3.10-1+deb10u3.

We recommend that you upgrade your open-vm-tools packages.

For the detailed security status of open-vm-tools please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/open-vm-tools

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEE7xPqJqaY/zX9fJAuhj1N8u2cKO8FAmMHIvEACgkQhj1N8u2c
KO8+0Q//Yn0qqTWDNcli33I/4GAKzZkhc9sAFUKxnGsav34QHAt1pgNxknAjGe+J
cfiF5QHaN/pWQYO5cHc8RKLpCzYyC+n6ooEBnPUnzufVutGC0+WVw8RRmaqmmM3H
+yHffG25dUrPYb+qMWBfrMe/gHw9LU9YlTdMjbW164hl3RdNXfqYU+GI/kHtRl8a
tDtI+WELDgaIBHCoukxclV0tRMNE0fUC+ZTfwqeas1fPO3x6n7bZSwoZEhQllnuB
+F4dww9+6NQzxOsfELo5tZCqX/qv9bS8Ye/CrUea6XzvzN1spzSEhyrfJ1pW3tNW
SR9ip96sxngupXlngTRs/nkeIq3A5kHdOG7hAE2CVrwYnx9c+SaVx4gGTLusM6hs
HULMZdMyFzgqQGsSaZAf8m0vbBMbtXzgIP/jCKzl7spv2IyymBaujdt6ZvZtktN/
Z6M34A9fQ2zgtSKkBhGurDqg9iFaPY7tfxr1y0NvJ1BiGB9k2DDgD05P1zgQ9SEC
+SYNCWYKg+ccf4N2GSFH3vcdcaevHZcrEjEeKX5ITk40jqwPApm8UBrz4ZkrFiku
pv7oeCMfz01KDUMLkt1hjPQj8ZGeMVYMSv62HSXPpqDak6U2bKOvcccZ4X4vgvSs
5QFJbfOtWrzKcPwMVKrBfQ2U9MmRv1PLaEGjN7Xn5s65+MZ0/kk=
=kDJ4
-----END PGP SIGNATURE-----