Scientific Linux alert SLSA-2023:5217-1 (open-vm-tools)


From:
               Farhan Ahmed <fahmed@fnal.gov>
To:
               scientific-linux-errata@listserv.fnal.gov
Subject:
               Security ERRATA Important: open-vm-tools on SL7.x x86_64
Date:
               Tue, 19 Sep 2023 16:24:45 -0000
Message-ID:
               <20230919162445.4924.49126@50523906fb6c>
Synopsis:          Important: open-vm-tools security update
Advisory ID:       SLSA-2023:5217-1
Issue Date:        2023-09-19
CVE Numbers:       CVE-2023-20900
--

Security Fix(es):

* open-vm-tools: SAML token signature bypass (CVE-2023-20900)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
--

SL7
  x86_64
    open-vm-tools-11.0.5-3.el7_9.7.x86_64.rpm
    open-vm-tools-debuginfo-11.0.5-3.el7_9.7.x86_64.rpm
    open-vm-tools-desktop-11.0.5-3.el7_9.7.x86_64.rpm
    open-vm-tools-devel-11.0.5-3.el7_9.7.x86_64.rpm
    open-vm-tools-test-11.0.5-3.el7_9.7.x86_64.rpm

- Scientific Linux Development Team

From:		Farhan Ahmed <fahmed@fnal.gov>
To:		scientific-linux-errata@listserv.fnal.gov
Subject:		Security ERRATA Important: open-vm-tools on SL7.x x86_64
Date:		Tue, 19 Sep 2023 16:24:45 -0000
Message-ID:		<20230919162445.4924.49126@50523906fb6c>