Bug 1216670

Summary: open-vm-tools 12.3.5 has been released - please rebase
Product: [openSUSE] openSUSE Tumbleweed
Reporter: John Wolfe <jwolfe>
Component: Virtualization:Tools
Assignee: Kirk Allan <kallan>
Status: VERIFIED FIXED
QA Contact: E-mail List <qa-bugs>
Severity: Minor
Priority: P5 - None
CC: jsavanyo, jwolfe, kallan, mcowley, vmware-gos-qa
Version: Current
Target Milestone: ---
Hardware: Other
OS: Other
Whiteboard:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Description John Wolfe 2023-10-27 19:07:09 UTC
There are no new features in the open-vm-tools 12.3.5 release. This is primarily a maintenance release that addresses a few critical problems, including:

    This release resolves CVE-2023-34058 <https://github.com/advisories/GHSA-h5hf-5wcj-6hmf>. For more information on this vulnerability and its impact on VMware products, see https://www.vmware.com/security/advisories/VMSA-2023-0024.html.

    This release resolves CVE-2023-34059 <https://github.com/advisories/GHSA-q6p8-m5f4-4vmp> which only affects open-vm-tools. For more information on this vulnerability, please see the Resolved Issues section of the Release Notes.

    A GitHub issue has been handled. Please see the Resolved Issues section of the Release Notes.

    For issues resolved in this release, see the Resolved Issues <https://github.com/vmware/open-vm-tools/blob/stable-12.3.5/ReleaseNotes.md#resolved-issues> section of the Release Notes.

For complete details, see: https://github.com/vmware/open-vm-tools/releases/tag/stable-12.3.5

Release Notes are available at https://github.com/vmware/open-vm-tools/blob/stable-12.3.5/ReleaseNotes.md

The granular changes that have gone into the 12.3.5 release are in the ChangeLog at https://github.com/vmware/open-vm-tools/blob/stable-12.3.5/open-vm-tools/ChangeLog

Please rebase open-vm-tools to release 12.3.5 on supported SUSE releases as appropriate.

Comment 1 Andreas Stieger 2023-10-28 05:00:22 UTC
See bug CVE-2023-34058

*** This bug has been marked as a duplicate of bug 1216432 ***

Comment 2 John Wolfe 2023-10-29 20:25:34 UTC
(In reply to Andreas Stieger from comment #1)
> See bug CVE-2023-34058
> 
> *** This bug has been marked as a duplicate of bug 1216432 ***

open-vm-tools 12.3.5 does resolve the two CVEs addressed in bug 1216432, but it also has an update to the deployPkg plugin, coordinated with recent releases of cloud-init, to improve guest VM customization.

Please consider a subsequent rebase of open-vm-tools 12.3.5 to upcoming SLES releases/updates for the convenience of SLES users.

Comment 3 Andreas Stieger 2023-10-29 21:03:02 UTC
.

Comment 5 Maintenance Automation 2023-11-15 08:30:02 UTC
SUSE-RU-2023:4447-1: An update that has one fix can now be installed.

Category: recommended (moderate)
Bug References: 1216670
Sources used:
SUSE Linux Enterprise Server for SAP Applications 12 SP5 (src): open-vm-tools-12.3.5-4.65.1
SUSE Linux Enterprise High Performance Computing 12 SP5 (src): open-vm-tools-12.3.5-4.65.1
SUSE Linux Enterprise Server 12 SP5 (src): open-vm-tools-12.3.5-4.65.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 6 Maintenance Automation 2023-11-15 08:30:04 UTC
SUSE-RU-2023:4446-1: An update that has one fix can now be installed.

Category: recommended (moderate)
Bug References: 1216670
Sources used:
openSUSE Leap 15.3 (src): open-vm-tools-12.3.5-150300.46.1
openSUSE Leap Micro 5.3 (src): open-vm-tools-12.3.5-150300.46.1
openSUSE Leap Micro 5.4 (src): open-vm-tools-12.3.5-150300.46.1
openSUSE Leap 15.4 (src): open-vm-tools-12.3.5-150300.46.1
openSUSE Leap 15.5 (src): open-vm-tools-12.3.5-150300.46.1
SUSE Linux Enterprise Micro for Rancher 5.3 (src): open-vm-tools-12.3.5-150300.46.1
SUSE Linux Enterprise Micro 5.3 (src): open-vm-tools-12.3.5-150300.46.1
SUSE Linux Enterprise Micro for Rancher 5.4 (src): open-vm-tools-12.3.5-150300.46.1
SUSE Linux Enterprise Micro 5.4 (src): open-vm-tools-12.3.5-150300.46.1
SUSE Linux Enterprise Micro 5.5 (src): open-vm-tools-12.3.5-150300.46.1
Basesystem Module 15-SP4 (src): open-vm-tools-12.3.5-150300.46.1
Basesystem Module 15-SP5 (src): open-vm-tools-12.3.5-150300.46.1
Desktop Applications Module 15-SP4 (src): open-vm-tools-12.3.5-150300.46.1
Desktop Applications Module 15-SP5 (src): open-vm-tools-12.3.5-150300.46.1
SUSE Linux Enterprise Micro 5.1 (src): open-vm-tools-12.3.5-150300.46.1
SUSE Linux Enterprise Micro 5.2 (src): open-vm-tools-12.3.5-150300.46.1
SUSE Linux Enterprise Micro for Rancher 5.2 (src): open-vm-tools-12.3.5-150300.46.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 7 Kirk Allan 2023-12-13 17:24:09 UTC
Open-vm-tools 12.3.5 is now in the update channels.  Marking as fixed.

Comment 8 Mark Cowley 2024-02-15 16:20:44 UTC
Setting bugzilla to verified.  (Test update for John.)