An open-vm-tools security update has been released for Fedora 38.

[SECURITY] Fedora 38 Update: open-vm-tools-12.3.0-1.fc38

Fedora Update Notification
2023-09-14 01:27:18.332303

Name : open-vm-tools
Product : Fedora 38
Version : 12.3.0
Release : 1.fc38
URL : https://github.com/vmware/open-vm-tools
Summary : Open Virtual Machine Tools for virtual machines hosted on VMware
Description :
The open-vm-tools project is an open source implementation of VMware Tools. It
is a suite of open source virtualization utilities and drivers to improve the
functionality, user experience and administration of VMware virtual machines.
This package contains only the core user-space programs and libraries of

Update Information:

Package new upstream version of open-vm-tools-12.3.0-22234872. Security fix for
CVE-2023-20900, CVE-2023-20867

* Sat Sep 9 2023 John Wolfe [jwolfe@vmware.com] - 12.3.0-1
- Package new upstream version of open-vm-tools-12.3.0-22234872.
- Fix for CVE-2023-20900 - a SAML token signature bypass vulnerability.
- Fix for CVE-2023-20867 - an Authentication Bypass vulnerability.
- Linux quiesced snapshots have been updated to avoid intermittent hangs
of the vmtoolsd process.
- File systems prefrozen by custom quiescing scripts must be listed on the
"excludedFileSystems" setting in the "vmbackup" section of the tools.conf
- A tools.conf configuration setting is available to temporarily direct
Linux quiesced snapshots to restore pre open-vm-tools 12.2.0 behavior
of ignoring file systems already frozen.
- A number of Coverity reported issues have been addressed.
- A number of GitHub issues and pull requests have been handled.
* Thu Jul 20 2023 Fedora Release Engineering [releng@fedoraproject.org] - 12.1.5-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild

[ 1 ] Bug #2215553 - CVE-2023-20867 open-vm-tools: authentication bypass vulnerability in the vgauth module [fedora-all]
[ 2 ] Bug #2236578 - TRIAGE-CVE-2023-20900 open-vm-tools: SAML token signature bypass [fedora-all]
[ 3 ] Bug #2236603 - open-vm-tools version 12.3.0 has been released - please rebase

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2023-df375d0634' at the command
line. For more information, refer to the dnf documentation available at

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at