Format: 1.8
Date: Sun, 05 Nov 2023 17:49:49 +0000
Source: open-vm-tools
Architecture: source
Version: 2:10.3.10-1+deb10u6
Distribution: buster-security
Urgency: medium
Maintainer: Bernd Zeimetz <bzed@debian.org>
Changed-By: Bastien Roucariès <rouca@debian.org>
Closes: 1054666
Changes:
 open-vm-tools (2:10.3.10-1+deb10u6) buster-security; urgency=medium
 .
   * Closes: #1054666
   * Fix CVE-2023-34059: This fixes a file descriptor hijack
     vulnerability in the vmware-user-suid-wrapper command.
     A malicious actor with non-root privileges might have been
     able to hijack the /dev/uinput file descriptor allowing
     them to simulate user inputs.
   * Fix CVE-2023-34058: This fixes a SAML Token Signature Bypass
     vulnerability. A malicious actor that has been granted
     Guest Operation Privileges in a target virtual machine
     might have been able to elevate their privileges if that
     target virtual machine has been assigned a more privileged
     Guest Alias.
Checksums-Sha1:
 ef48785de8f65acef4d23cda71707068c9783f61 2383 open-vm-tools_10.3.10-1+deb10u6.dsc
 fa02653827deb3320cce80cf5554a40aadad0f1d 52120 open-vm-tools_10.3.10-1+deb10u6.debian.tar.xz
 6ae185c0f321840917217ccb9fdcde86ea070973 17761 open-vm-tools_10.3.10-1+deb10u6_amd64.buildinfo
Checksums-Sha256:
 291251ea9a8afe5fbe9af8022d1ec86c51e01f7cfc21f4cfbd7d19329deda350 2383 open-vm-tools_10.3.10-1+deb10u6.dsc
 a409dd2c57050097de51bc5d3174ef967c5fcee27270dcbee8034fd809a6df5e 52120 open-vm-tools_10.3.10-1+deb10u6.debian.tar.xz
 81c8f297721a54d7cd24720b97a51c04524ba1dfd7130e29314ec65b591c7684 17761 open-vm-tools_10.3.10-1+deb10u6_amd64.buildinfo
Files:
 c520ea22558024426621c8a4d11f73cc 2383 admin extra open-vm-tools_10.3.10-1+deb10u6.dsc
 0fbd0e67a28220595c53904ce841e98e 52120 admin extra open-vm-tools_10.3.10-1+deb10u6.debian.tar.xz
 dfb1b0f8252adc32afacc06b66388292 17761 admin extra open-vm-tools_10.3.10-1+deb10u6_amd64.buildinfo