-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2022-cd23eac6f4 2022-09-08 11:01:41.721693 -------------------------------------------------------------------------------- Name : open-vm-tools Product : Fedora 36 Version : 12.0.5 Release : 3.fc36 URL : https://github.com/vmware/open-vm-tools Summary : Open Virtual Machine Tools for virtual machines hosted on VMware Description : The open-vm-tools project is an open source implementation of VMware Tools. It is a suite of open source virtualization utilities and drivers to improve the functionality, user experience and administration of VMware virtual machines. This package contains only the core user-space programs and libraries of open-vm-tools. -------------------------------------------------------------------------------- Update Information: Security fix for CVE-2022-31676 -------------------------------------------------------------------------------- ChangeLog: * Sun Sep 4 2022 John Wolfe <jwolfe(a)vmware.com&gt; - 12.0.5-3 - Add patch 1205-Properly-check-authorization-on-incoming-guestOps-re.patch to fix CVE-2022-31676 in open-vm-tools 12.0.5 tracked in PR 120976. - Correct build requirements - replace systemd-rpm-macros with systemd_udev. * Fri Jul 22 2022 Fedora Release Engineering <releng(a)fedoraproject.org&gt; - 12.0.5-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #2118714 - CVE-2022-31676 open-vm-tools: local root privilege escalation in the virtual machine https://bugzilla.redhat.com/show_bug.cgi?id=2118714 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2022-cd23eac6f4' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------