|
Bugzilla – Full Text Bug Listing |
| Summary: | open-vm-tools 12.3.0 has been released - please rebase | ||
|---|---|---|---|
| Product: | [openSUSE] openSUSE Tumbleweed | Reporter: | John Wolfe <jwolfe> |
| Component: | Virtualization:Tools | Assignee: | Kirk Allan <kallan> |
| Status: | RESOLVED FIXED | QA Contact: | E-mail List <qa-bugs> |
| Severity: | Normal | ||
| Priority: | P5 - None | CC: | john.wolfe, jsavanyo, jwolfe, kallan, mcowley, stoyan.manolov, vmware-gos-qa |
| Version: | Current | ||
| Target Milestone: | --- | ||
| Hardware: | Other | ||
| OS: | Other | ||
| Whiteboard: | |||
| Found By: | --- | Services Priority: | |
| Business Priority: | Blocker: | --- | |
| Marketing QA Status: | --- | IT Deployment: | --- |
SUSE-SU-2023:3795-1: An update that solves one vulnerability, contains one feature and has one security fix can now be installed. Category: security (important) Bug References: 1205927, 1214850 CVE References: CVE-2023-20900 Jira References: PED-1344 Sources used: SUSE Linux Enterprise Server for SAP Applications 12 SP5 (src): open-vm-tools-12.3.0-4.59.1 SUSE Linux Enterprise High Performance Computing 12 SP5 (src): open-vm-tools-12.3.0-4.59.1 SUSE Linux Enterprise Server 12 SP5 (src): open-vm-tools-12.3.0-4.59.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination. SUSE-SU-2023:3835-1: An update that solves one vulnerability, contains one feature and has one security fix can now be installed. Category: security (important) Bug References: 1205927, 1214850 CVE References: CVE-2023-20900 Jira References: PED-1344 Sources used: openSUSE Leap 15.4 (src): open-vm-tools-12.3.0-150300.37.1 openSUSE Leap 15.5 (src): open-vm-tools-12.3.0-150300.37.1 SUSE Linux Enterprise Micro for Rancher 5.3 (src): open-vm-tools-12.3.0-150300.37.1 SUSE Linux Enterprise Micro 5.3 (src): open-vm-tools-12.3.0-150300.37.1 SUSE Linux Enterprise Micro for Rancher 5.4 (src): open-vm-tools-12.3.0-150300.37.1 SUSE Linux Enterprise Micro 5.4 (src): open-vm-tools-12.3.0-150300.37.1 Basesystem Module 15-SP4 (src): open-vm-tools-12.3.0-150300.37.1 Basesystem Module 15-SP5 (src): open-vm-tools-12.3.0-150300.37.1 Desktop Applications Module 15-SP4 (src): open-vm-tools-12.3.0-150300.37.1 Desktop Applications Module 15-SP5 (src): open-vm-tools-12.3.0-150300.37.1 SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (src): open-vm-tools-12.3.0-150300.37.1 SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (src): open-vm-tools-12.3.0-150300.37.1 SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (src): open-vm-tools-12.3.0-150300.37.1 SUSE Linux Enterprise Server for SAP Applications 15 SP3 (src): open-vm-tools-12.3.0-150300.37.1 SUSE Manager Proxy 4.2 (src): open-vm-tools-12.3.0-150300.37.1 SUSE Manager Retail Branch Server 4.2 (src): open-vm-tools-12.3.0-150300.37.1 SUSE Manager Server 4.2 (src): open-vm-tools-12.3.0-150300.37.1 SUSE Enterprise Storage 7.1 (src): open-vm-tools-12.3.0-150300.37.1 SUSE Linux Enterprise Micro 5.1 (src): open-vm-tools-12.3.0-150300.37.1 SUSE Linux Enterprise Micro 5.2 (src): open-vm-tools-12.3.0-150300.37.1 SUSE Linux Enterprise Micro for Rancher 5.2 (src): open-vm-tools-12.3.0-150300.37.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination. Submissions have been made. Marking as fixed. |
open-vm-tools 12.3.0 was released on Aug. 31, 2023. Also affects project (?) Also affects distribution/package Edit Bug Description There are no new features in the open-vm-tools 12.3.0 release. This is primarily a maintenance release that addresses a few critical problems, including: This release resolves CVE-2023-20900. For more information on this vulnerability and its impact on VMware products, see https://www.vmware.com/security/advisories/VMSA-2023-0019.html. A tools.conf configuration setting is available to temporaily direct Linux quiesced snaphots to restore pre open-vm-tools 12.2.0 behavior of ignoring file systems already frozen. Building of the VMware Guest Authentication Service (VGAuth) using "xml-security-c" and "xerces-c" is being deprecated. A number of Coverity reported issues have been addressed. A number of GitHub issues and pull requests have been handled. Please see the Resolves Issues section of the Release Notes. For issues resolved in this release, see the Resolved Issues section of the Release Notes. For complete details, see: https://github.com/vmware/open-vm-tools/releases/tag/stable-12.3.0 Release Notes are available at https://github.com/vmware/open-vm-tools/blob/stable-12.3.0/ReleaseNotes.md The granular changes that have gone into the 12.3.0 release are in the ChangeLog at https://github.com/vmware/open-vm-tools/blob/stable-12.3.0/open-vm-tools/ChangeLog Note: With the changes upstreamed and the fix for CVE-2023-20867 in the source, you may not need the following patches in your open-vm-toold pacjage build: 0001-build-put-l-specifiers-into-LIBADD-not-LDFLAGS.patch 0002-build-use-grpc-pkgconfig-to-retrieve-flags-libraries.patch 2023-20867-Remove-some-dead-code.patch detect-suse-location.patch Please rebase open-vm-tools version 12.3.0 in supported releases of SLES 12 and SLES 15 for x86_64/amd64 and aarch64/ARM64 architectures as appropriate.