Security update for open-vm-tools SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2017:0701-1 Final 1 1 2017-03-15T14:21:18Z current 2017-03-15T14:21:18Z 2017-03-15T14:21:18Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for open-vm-tools This update for open-vm-tools to 10.1.0 stable brings features, fixes bugs and security issues: - New vmware-namespace-cmd command line utility - GTK3 support - Common Agent Framework (CAF) - Guest authentication with xmlsec1 - Sub-command to push updated network information to the host on demand - Fix for quiesced snapshot failure leaving guest file system quiesced (bsc#1006796) - Fix for CVE-2015-5191 (bsc#1007600) - Report SLES for SAP 12 guest OS as SLES 12 (bsc#1013496) - Add udev rule to increase VMware virtual disk timeout values (bsc#994598) - Fix vmtoolsd init script to run vmtoolsd in background (bsc#971031) - Fix copy-n-paste and drag-n-drop regressions (bsc#978424) - Add new vmblock-fuse.service - Fix a suspend with systemd issue (bsc#913727) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-SLE-DESKTOP-12-SP1-2017-384,SUSE-SLE-SERVER-12-SP1-2017-384 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2017/suse-su-20170701-1/ Link for SUSE-SU-2017:0701-1 https://lists.suse.com/pipermail/sle-security-updates/2017-March/002696.html E-Mail link for SUSE-SU-2017:0701-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1006796 SUSE Bug 1006796 https://bugzilla.suse.com/1007600 SUSE Bug 1007600 https://bugzilla.suse.com/1011057 SUSE Bug 1011057 https://bugzilla.suse.com/1013496 SUSE Bug 1013496 https://bugzilla.suse.com/1024200 SUSE Bug 1024200 https://bugzilla.suse.com/913727 SUSE Bug 913727 https://bugzilla.suse.com/938593 SUSE Bug 938593 https://bugzilla.suse.com/941384 SUSE Bug 941384 https://bugzilla.suse.com/971031 SUSE Bug 971031 https://bugzilla.suse.com/978424 SUSE Bug 978424 https://bugzilla.suse.com/985110 SUSE Bug 985110 https://bugzilla.suse.com/994598 SUSE Bug 994598 https://www.suse.com/security/cve/CVE-2015-5191/ SUSE CVE CVE-2015-5191 page SUSE Linux Enterprise Desktop 12 SP1 SUSE Linux Enterprise Server 12 SP1 SUSE Linux Enterprise Server for SAP Applications 12 SP1 libvmtools0-10.1.0-5.3.1 open-vm-tools-10.1.0-5.3.1 open-vm-tools-desktop-10.1.0-5.3.1 libvmtools0-10.1.0-5.3.1 as a component of SUSE Linux Enterprise Desktop 12 SP1 open-vm-tools-10.1.0-5.3.1 as a component of SUSE Linux Enterprise Desktop 12 SP1 open-vm-tools-desktop-10.1.0-5.3.1 as a component of SUSE Linux Enterprise Desktop 12 SP1 libvmtools0-10.1.0-5.3.1 as a component of SUSE Linux Enterprise Server 12 SP1 open-vm-tools-10.1.0-5.3.1 as a component of SUSE Linux Enterprise Server 12 SP1 open-vm-tools-desktop-10.1.0-5.3.1 as a component of SUSE Linux Enterprise Server 12 SP1 libvmtools0-10.1.0-5.3.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP1 open-vm-tools-10.1.0-5.3.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP1 open-vm-tools-desktop-10.1.0-5.3.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP1 VMware Tools prior to 10.0.9 contains multiple file system races in libDeployPkg, related to the use of hard-coded paths under /tmp. Successful exploitation of this issue may result in a local privilege escalation. CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H CVE-2015-5191 SUSE Linux Enterprise Desktop 12 SP1:libvmtools0-10.1.0-5.3.1 SUSE Linux Enterprise Desktop 12 SP1:open-vm-tools-10.1.0-5.3.1 SUSE Linux Enterprise Desktop 12 SP1:open-vm-tools-desktop-10.1.0-5.3.1 SUSE Linux Enterprise Server 12 SP1:libvmtools0-10.1.0-5.3.1 SUSE Linux Enterprise Server 12 SP1:open-vm-tools-10.1.0-5.3.1 SUSE Linux Enterprise Server 12 SP1:open-vm-tools-desktop-10.1.0-5.3.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:libvmtools0-10.1.0-5.3.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:open-vm-tools-10.1.0-5.3.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:open-vm-tools-desktop-10.1.0-5.3.1 moderate 6.6 AV:L/AC:M/Au:S/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2017/suse-su-20170701-1/ https://www.suse.com/security/cve/CVE-2015-5191.html CVE-2015-5191 https://bugzilla.suse.com/1007600 SUSE Bug 1007600