diff --git a/CVE-2023-20900.patch b/CVE-2023-20900.patch new file mode 100644 index 0000000000000000000000000000000000000000..1e08e3717e105cfb306e90082979082f425df0a4 --- /dev/null +++ b/CVE-2023-20900.patch @@ -0,0 +1,34 @@ +From eb4f36dfeb8b89443f7d5ade03316ba49a295eee Mon Sep 17 00:00:00 2001 +From: John Wolfe +Date: Fri, 18 Aug 2023 11:23:53 -0700 +Subject: [PATCH] Address CVE-2023-20900 + +VGAuth: Allow only X509 certs to verify the SAML token signature. + +--- + open-vm-tools/vgauth/serviceImpl/saml-xmlsec1.c | 9 ++++++++- + 1 file changed, 8 insertions(+), 1 deletion(-) + +diff --git a/open-vm-tools/vgauth/serviceImpl/saml-xmlsec1.c b/open-vm-tools/vgauth/serviceImpl/saml-xmlsec1.c +index f5541a9..0b2a945 100644 +--- a/open-vm-tools/vgauth/serviceImpl/saml-xmlsec1.c ++++ b/open-vm-tools/vgauth/serviceImpl/saml-xmlsec1.c +@@ -1335,7 +1335,14 @@ VerifySignature(xmlDocPtr doc, + */ + bRet = RegisterID(xmlDocGetRootElement(doc), "ID"); + if (bRet == FALSE) { +- g_warning("failed to register ID\n"); ++ g_warning("Failed to register ID\n"); ++ goto done; ++ } ++ ++ /* Use only X509 certs to validate the signature */ ++ if (xmlSecPtrListAdd(&(dsigCtx->keyInfoReadCtx.enabledKeyData), ++ BAD_CAST xmlSecKeyDataX509Id) < 0) { ++ g_warning("Failed to limit allowed key data\n"); + goto done; + } + +-- +2.6.2 + diff --git a/open-vm-tools-12.1.5-20735119.tar.gz b/open-vm-tools-12.2.5-21855600.tar.gz similarity index 37% rename from open-vm-tools-12.1.5-20735119.tar.gz rename to open-vm-tools-12.2.5-21855600.tar.gz index 6b12745df5c386fa86a357eade66262d620c9227..817c4353db38abd677687318177d44a823c90f2b 100644 Binary files a/open-vm-tools-12.1.5-20735119.tar.gz and b/open-vm-tools-12.2.5-21855600.tar.gz differ diff --git a/open-vm-tools.spec b/open-vm-tools.spec index a68926be42ac1eb16b3c25a826f93260d34a9c45..1a6ad5e004917cf8e9cd8c0418ee549705d33c60 100644 --- a/open-vm-tools.spec +++ b/open-vm-tools.spec @@ -20,9 +20,9 @@ ################################################################################ %global _hardened_build 1 -%global majorversion 12.1 +%global majorversion 12.2 %global minorversion 5 -%global toolsbuild 20735119 +%global toolsbuild 21855600 %global toolsversion %{majorversion}.%{minorversion} %global toolsdaemon vmtoolsd %global vgauthdaemon vgauthd @@ -41,11 +41,10 @@ Source3: run-vmblock-fuse.mount Source4: open-vm-tools.conf Source5: vmtoolsd.pam - ExclusiveArch: x86_64 aarch64 # Patches -#Patch1: .patch +Patch1: CVE-2023-20900.patch BuildRequires: autoconf BuildRequires: automake @@ -154,7 +153,7 @@ useful for verifying the functioning of %{name} in VMware virtual machines. %prep -%autosetup -p1 -n %{name}-%{version}-%{toolsbuild} +%autosetup -p2 -n %{name}-%{version}-%{toolsbuild} %build autoreconf -vif @@ -387,6 +386,9 @@ fi %{_bindir}/vmware-vgauth-smoketest %changelog +* Mon Sep 11 2023 Chenxi Mao - 12.2.5-1 +- Upgrade to 12.2.5 with CVE-2023-20900 fix + * Wed Jan 18 2023 Chenxi Mao - 12.1.5-1 - Upgrade to 12.1.5 with CVE fix