Advisories » MGASA-2017-0354

Updated open-vm-tools packages fix security vulnerability

Publication date: 05 Oct 2017
Modification date: 22 Sep 2017
Type: security
Affected Mageia releases : 6
CVE: CVE-2015-5191

Description

It was discovered that open-vm-tools has multiple /tmp race conditions
in the libDeployPkg component, allowing an unprivileged local user in a
guest to cause a denial of service through file system manipulation, or,
possibly, increase privileges (CVE-2015-5191).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=20323
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/3QIKOPGHT5CTPEKNYZDCSQ6O5CAOJHBO/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5191

SRPMS

6/core

• open-vm-tools-10.1.5-2.1.mga6