A security vulnerability was found in the Open VMware Tools. A malicious actor that has been granted Guest Operation Privileges in a target virtual machine may be able to elevate their privileges if that target virtual machine has been assigned a more privileged Guest Alias.
For Debian 9 stretch, these problems have been fixed in version 2:10.1.5-5055683-4+deb9u5.
We recommend that you upgrade your open-vm-tools packages.
Further information about Extended LTS security advisories can be found in the dedicated section of our website.