-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Wed, 06 Sep 2023 20:01:06 +0200 Source: open-vm-tools Binary: open-vm-tools open-vm-tools-containerinfo open-vm-tools-containerinfo-dbgsym open-vm-tools-dbgsym open-vm-tools-desktop open-vm-tools-desktop-dbgsym open-vm-tools-dev open-vm-tools-salt-minion open-vm-tools-sdmp open-vm-tools-sdmp-dbgsym Architecture: source amd64 Version: 2:12.2.0-1+deb12u1 Distribution: bookworm-security Urgency: medium Maintainer: Bernd Zeimetz <bzed@debian.org> Changed-By: Bernd Zeimetz <bzed@debian.org> Description: open-vm-tools - Open VMware Tools for virtual machines hosted on VMware (CLI) open-vm-tools-containerinfo - Open VMware Tools for VMs hosted on VMware (Service Discovery Plu open-vm-tools-desktop - Open VMware Tools for virtual machines hosted on VMware (GUI) open-vm-tools-dev - Open VMware Tools for virtual machines hosted on VMware (developm open-vm-tools-salt-minion - Open VMware Tools for VMs hosted on VMware (Service Discovery Plu open-vm-tools-sdmp - Open VMware Tools for VMs hosted on VMware (Service Discovery Plu Closes: 1050970 Changes: open-vm-tools (2:12.2.0-1+deb12u1) bookworm-security; urgency=medium . * [3812674] Fixing CVE-2023-20867, CVE-2023-20900 - Authentication Bypass vulnerability in VMware Tools (CVE-2023-20867) A fully compromised ESXi host can force VMware Tools to fail to authenticate host-to-guest operations, impacting the confidentiality and integrity of the guest virtual machine. - SAML token signature bypass vulnerability (CVE-2023-20900) A malicious actor with man-in-the-middle (MITM) network positioning between vCenter server and the virtual machine may be able to bypass SAML token signature verification, to perform VMware Tools Guest Operations. (Closes: #1050970) * [fb0ab84] Updating gitlab CI and GBP to build in bookworm Checksums-Sha1: a2f8437766cff2f597ecf4c49eb2eaf23011e86b 2969 open-vm-tools_12.2.0-1+deb12u1.dsc 723692c71ad95322ea0d7ca3dab76e888bbe052d 1801276 open-vm-tools_12.2.0.orig.tar.xz cbd9d85920d306554d937ef04b1858a7dc01447e 36212 open-vm-tools_12.2.0-1+deb12u1.debian.tar.xz 4b1490469b12bcf35ec32665bd778ae260c5c5e4 3188304 open-vm-tools-containerinfo-dbgsym_12.2.0-1+deb12u1_amd64.deb 675933e7199f8a4a6925fcce09658eac48b4e546 170120 open-vm-tools-containerinfo_12.2.0-1+deb12u1_amd64.deb d90b9fed5119df359e41344261c0cca6a0ec9021 2735972 open-vm-tools-dbgsym_12.2.0-1+deb12u1_amd64.deb 2e907d2d7c2ed88d269a00e587d24eb65e9b0384 1552080 open-vm-tools-desktop-dbgsym_12.2.0-1+deb12u1_amd64.deb e0aaf0c0e8b2b42c14d24bae63312796eb751501 151636 open-vm-tools-desktop_12.2.0-1+deb12u1_amd64.deb 7808ab4c5fb6c52e67484509c79292f6bf3110f2 509764 open-vm-tools-dev_12.2.0-1+deb12u1_amd64.deb be545eb25c9bd9880c39e10f8b23409815d274e4 26632 open-vm-tools-salt-minion_12.2.0-1+deb12u1_amd64.deb 5bde11f939104f5e2505a07d97e4f938cdaf66f9 23684 open-vm-tools-sdmp-dbgsym_12.2.0-1+deb12u1_amd64.deb b39ce5741381cac764bcb2d252789938f210ac1c 24752 open-vm-tools-sdmp_12.2.0-1+deb12u1_amd64.deb bac665ad9f9833d95fd5c70547a40c9e1d5b18c2 25039 open-vm-tools_12.2.0-1+deb12u1_amd64.buildinfo d6c3c5044e8d6f72659e8792ee36bccbd90e1ea2 685748 open-vm-tools_12.2.0-1+deb12u1_amd64.deb Checksums-Sha256: 9e01b022bbbeb65c93633b77ad096e7607d80b38a13643fa8b0efc5e55c38881 2969 open-vm-tools_12.2.0-1+deb12u1.dsc 5fe62c535812358031c8157727803601885ffb82b3d41032c80415fbaa576ec5 1801276 open-vm-tools_12.2.0.orig.tar.xz 3e9f7b69e8b16d13896615f05375825eb8ee258db51496e2b4aaf7383fda2e88 36212 open-vm-tools_12.2.0-1+deb12u1.debian.tar.xz 02cf7418ddc9b4f045696bb283c074590bc2eef07b7cf03873a99753d492b7c6 3188304 open-vm-tools-containerinfo-dbgsym_12.2.0-1+deb12u1_amd64.deb 434f07401221dc68adb7ec2508e935e3a8e0a5e189a5a184ba967a8652ccb7fb 170120 open-vm-tools-containerinfo_12.2.0-1+deb12u1_amd64.deb 159c719bef72fec5a25c3d13254c9143079d1cbc3be488a0d0849895d0f020af 2735972 open-vm-tools-dbgsym_12.2.0-1+deb12u1_amd64.deb ca67244e7582996935bdd007cc2f72da4b8632ee851caa6f918b207e87de09f9 1552080 open-vm-tools-desktop-dbgsym_12.2.0-1+deb12u1_amd64.deb 40148fc2ac55ee68f46d254fa347119dd7809c41b987490705d1e438c2a88cd6 151636 open-vm-tools-desktop_12.2.0-1+deb12u1_amd64.deb ed296edbecc2c4520079ab1fadb8c070c92256627eb0aa2f6705ab5a4e43dec6 509764 open-vm-tools-dev_12.2.0-1+deb12u1_amd64.deb 843f83deeef1a0886b515edacaaf43ed485b00ac38a1da966762442d0cc1d45a 26632 open-vm-tools-salt-minion_12.2.0-1+deb12u1_amd64.deb 5edb9a880cbcb4cc390598bc94c04755917aa301cb574385eacc0c78802cd940 23684 open-vm-tools-sdmp-dbgsym_12.2.0-1+deb12u1_amd64.deb 30ec8ebdfbc16b28bad0ec76d3a7a90d53007eb940d5adcb2768dcbc7bf8b47c 24752 open-vm-tools-sdmp_12.2.0-1+deb12u1_amd64.deb f29a916bc575e4d0acdd81432c3dc9446e30c87e32de05c93ae11257d3f35813 25039 open-vm-tools_12.2.0-1+deb12u1_amd64.buildinfo 71bbe9f7d49ddbef91d842bea243862a7b9870f623cbbf1c4de93c58584bdcd8 685748 open-vm-tools_12.2.0-1+deb12u1_amd64.deb Files: d1165e31f16bea9e17be96b8b23ed882 2969 admin optional open-vm-tools_12.2.0-1+deb12u1.dsc ae95b00298a92b1f5c64873bd06c98e4 1801276 admin optional open-vm-tools_12.2.0.orig.tar.xz 7a20b7cff35d64b27e99dc4a72e449c5 36212 admin optional open-vm-tools_12.2.0-1+deb12u1.debian.tar.xz 4daf2c0a2b527fab37fbea676b782d22 3188304 debug optional open-vm-tools-containerinfo-dbgsym_12.2.0-1+deb12u1_amd64.deb ddcb43ddfd923b5cd2b7214259686c64 170120 admin optional open-vm-tools-containerinfo_12.2.0-1+deb12u1_amd64.deb cd8a16989c9a91a5d75488d672a97a15 2735972 debug optional open-vm-tools-dbgsym_12.2.0-1+deb12u1_amd64.deb af555e6900a25faf1a9c1d385d9eb606 1552080 debug optional open-vm-tools-desktop-dbgsym_12.2.0-1+deb12u1_amd64.deb cdd187496da857de7216448c4a09c0c6 151636 admin optional open-vm-tools-desktop_12.2.0-1+deb12u1_amd64.deb 11174b13cad1c3e9f1a4fa2b03247d10 509764 devel optional open-vm-tools-dev_12.2.0-1+deb12u1_amd64.deb 40c0026c1472dce8455697e2919c6c11 26632 admin optional open-vm-tools-salt-minion_12.2.0-1+deb12u1_amd64.deb 240414ebb3a297b888cee4272926f2ee 23684 debug optional open-vm-tools-sdmp-dbgsym_12.2.0-1+deb12u1_amd64.deb 775339e7186488fb9cfa63dfd98a411c 24752 admin optional open-vm-tools-sdmp_12.2.0-1+deb12u1_amd64.deb ec6bb8bac23c1235111cdf8c312db994 25039 admin optional open-vm-tools_12.2.0-1+deb12u1_amd64.buildinfo 01adb657fa82ee48639f68d075b85596 685748 admin optional open-vm-tools_12.2.0-1+deb12u1_amd64.deb -----BEGIN PGP SIGNATURE----- iQJEBAEBCAAuFiEE7KHj8o4RJDLUhd2V6zYXGm/5Q18FAmT58asQHGJ6ZWRAZGVi aWFuLm9yZwAKCRDrNhcab/lDX24gEAC2F0hSOQNdDXX4tgPh+KNn5Q5a/qBwVPDn gCpPQzlLuroQPMSHomACHZUI21vvdyGD3G6BbGOb4Fb8llaBcr1IuAD6YodAlM9s 7xTEm1/GbfFgahlRif+vQxt6rp3tS/435L05Kyk52PZgz2cMKBKmGuAB0zsNOr80 MUx0K3OK8pQOFwZEILFwQOkT1XrpSHQK+XaTmqAobEBaz3pMrY9Bjdff//toV6hz Jjkg7KkPkfepRIjhioqXprwwMmt86Er0gSKm8CiCbCxq+iVdobvIkpBRKvtqjfJv cm/Hk89PH7dY7Ls9QPFLxyoZAG4g85h07jLWSDtn1lQpgDqqbvDps8iL6uAI1/R4 8qf1nDoOIGdkEgOePXU6BdzeNchBDexR6/vYNK067uNNAYI8LcX/BOiO/kTw0FYw aX2LBypWm2WlxMkuRtbTfpiY2J9UieeJDk0X+PyGzTL0oShwBhfNFVWrXrTTsHdE USsU7PdGSXPXvFI9MmIqWizGK0yg+TwXSr/3crIf8zSUviNHykzU5BocXxH6GtHa BELsEQeUa3x2hZw/LZ3+X/4BPVHcRQ93+EYptWGQsBZVIc3XWmNmHpBFX+3TZIa5 7C+LJs1GIKiVNyxqu5noBTlmFfaAik4GCCykNZuatXkem1YgzGgECqCR8Tje5D2v 5gHSrvZDbw== =i+Fs -----END PGP SIGNATURE-----