ELA-955-1 open-vm-tools security update

privilege escalation

Version2:10.1.5-5055683-4+deb9u5 (stretch)
Related CVEs CVE-2023-20900

A security vulnerability was found in the Open VMware Tools. A malicious actor that has been granted Guest Operation Privileges in a target virtual machine may be able to elevate their privileges if that target virtual machine has been assigned a more privileged Guest Alias.

For Debian 9 stretch, these problems have been fixed in version 2:10.1.5-5055683-4+deb9u5.

We recommend that you upgrade your open-vm-tools packages.

Further information about Extended LTS security advisories can be found in the dedicated section of our website.