ELA-924-1 open-vm-tools security update

authentication bypass vulnerability

Version2:9.4.6-1770165-8+deb8u1 (jessie), 2:10.1.5-5055683-4+deb9u4 (stretch)
Related CVEs CVE-2023-20867

open-vm-tools is a package that provides Open VMware Tools for virtual machines hosted on VMware.

It was discovered that Open VM Tools incorrectly handled certain authentication requests. A fully compromised ESXi host can force Open VM Tools to fail to authenticate host-to-guest operations, impacting the confidentiality and integrity of the guest virtual machine.

For Debian 8 jessie, these problems have been fixed in version 2:9.4.6-1770165-8+deb8u1.

For Debian 9 stretch, these problems have been fixed in version 2:10.1.5-5055683-4+deb9u4.

We recommend that you upgrade your open-vm-tools packages.

Further information about Extended LTS security advisories can be found in the dedicated section of our website.