Mailinglist Archive: opensuse-updates (121 mails)

< Previous Next >
openSUSE-SU-2017:0509-1: moderate: Security update for open-vm-tools
openSUSE Security Update: Security update for open-vm-tools
______________________________________________________________________________

Announcement ID: openSUSE-SU-2017:0509-1
Rating: moderate
References: #1006796 #1007600 #1011057 #1013496 #913727
#971031 #978424 #985110 #994598
Cross-References: CVE-2015-5191
Affected Products:
openSUSE Leap 42.1
______________________________________________________________________________

An update that solves one vulnerability and has 8 fixes is
now available.

Description:


This update for open-vm-tools fixes the following issues:

- Updated to 10.1.0 stable release (boo#1011057)
+ vmware-namespace-cmd command line utility.
+ gtk3 support
+ Common Agent Framework (CAF)
+ guest authentication with xmlsec1
+ FreeBSD support
+ sub-command to push updated network information to the host on demand
+ udev rules for configuring SCSI timeouts in the guest
+ fixes for Ubuntu 16.10
+ Fix for quiesced snapshot failure leaving guest file system quiesced
(boo#1006796)
+ Fix for CVE-2015-5191 (boo#1007600)

- Report SLES12-SAP guest OS as SLES12 (boo#1013496)

- Remove building KMP modules. No longer needed or wanted for current
releases. User space tool vmhgfs-fuse has replaced the need for vmhgfs
kernel module.

- Add udev rule to increase VMware virtual disk timeout values (boo#994598)

- Fix vmtoolsd init script to run vmtoolsd in background. (boo#971031)
+ fix originally done in SLE-11-SP4 code base by tcech@xxxxxxx

- Added patches for GCC 6 build failure (boo#985110)

- Update to 10.0.7-gtk3 stable branch
+ add support for gtk3, needed by the dndcp and resolutionset plugins
+ remove files generated by autoreconf
+ a few minor build fixes
- Update fixes copy-n-paste and drag-n-drop regressions (boo#978424)
- Added new vmblock-fuse.service

- Update to 10.0.7 stable branch
+ Added namespace command line utility "vmware-namespace-cmd".

- Compile without gtkmm support for SLES12 based environments (which do
not provide gtkmm2.4)

- Update to 10.0.5 stable branch
+ [vgauth] fix timestamp check
+ [libresolutionSet.so] Add an error handler to X11 resolutionSet
+ [vmci.ko] Kill tasklet when unloading vmci module
+ [libvmbackup.so] Quiesced snapshots Skip freezing autofs mounts.
+ [vmhgfs.ko] make vmhgfs compatible with Linux kernel 4.2

- This update also addresses a suspend with systemd issue (boo#913727)


Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- openSUSE Leap 42.1:

zypper in -t patch openSUSE-2017-276=1

To bring your system up-to-date, use "zypper patch".


Package List:

- openSUSE Leap 42.1 (i586 x86_64):

libvmtools-devel-10.1.0-6.1
libvmtools0-10.1.0-6.1
libvmtools0-debuginfo-10.1.0-6.1
open-vm-tools-10.1.0-6.1
open-vm-tools-debuginfo-10.1.0-6.1
open-vm-tools-debugsource-10.1.0-6.1
open-vm-tools-desktop-10.1.0-6.1
open-vm-tools-desktop-debuginfo-10.1.0-6.1


References:

https://www.suse.com/security/cve/CVE-2015-5191.html
https://bugzilla.suse.com/1006796
https://bugzilla.suse.com/1007600
https://bugzilla.suse.com/1011057
https://bugzilla.suse.com/1013496
https://bugzilla.suse.com/913727
https://bugzilla.suse.com/971031
https://bugzilla.suse.com/978424
https://bugzilla.suse.com/985110
https://bugzilla.suse.com/994598


< Previous Next >
This Thread
  • No further messages