Hello community,

here is the log from the commit of package open-vm-tools for openSUSE:Factory 
checked in at 2023-09-01 14:19:12
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/open-vm-tools (Old)
 and      /work/SRC/openSUSE:Factory/.open-vm-tools.new.1766 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "open-vm-tools"

Fri Sep  1 14:19:12 2023 rev:114 rq:1108318 version:12.2.0

Changes:
--------
--- /work/SRC/openSUSE:Factory/open-vm-tools/open-vm-tools.changes	2023-06-30 19:58:31.557519891 +0200
+++ /work/SRC/openSUSE:Factory/.open-vm-tools.new.1766/open-vm-tools.changes	2023-09-01 14:19:30.184857832 +0200
@@ -1,0 +2,7 @@
+Mon Aug 28 15:10:27 UTC 2023 - Kirk Allan <kal...@suse.com>
+
+- Fix (bsc#1214566) - (CVE-2023-20900) - VUL-0: CVE-2023-20900:
+  open-vm-tools: SAML token signature bypass vulnerability
+  + Add patch: CVE-20230-20900.patch
+
+-------------------------------------------------------------------
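Review bot: the patch name added in this entry, `CVE-20230-20900.patch`, does not match the CVE id cited two lines above it (CVE-2023-20900); the extra zero looks like a typo. It agrees with the file listed under New: and with the spec's Patch5 line, so the build is unaffected, but renaming the file to `CVE-2023-20900.patch` in all three places would keep the patch traceable to the advisory. The entry also names the CVE twice (`(CVE-2023-20900) - VUL-0: CVE-2023-20900:`); one mention is enough.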

New:
----
  CVE-20230-20900.patch

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ open-vm-tools.spec ++++++
--- /var/tmp/diff_new_pack.II5sLc/_old  2023-09-01 14:19:32.164928502 +0200
+++ /var/tmp/diff_new_pack.II5sLc/_new  2023-09-01 14:19:32.172928788 +0200
@@ -156,6 +156,7 @@
 Patch2:         0001-build-put-l-specifiers-into-LIBADD-not-LDFLAGS.patch
 Patch3:         0002-build-use-grpc-pkgconfig-to-retrieve-flags-libraries.patch
 Patch4:         2023-20867-Remove-some-dead-code.patch
+Patch5:         CVE-20230-20900.patch
 
 #SUSE specific patches
 Patch0:         pam-vmtoolsd.patch
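Review bot: Patch5 carries no provenance comment. The openSUSE patch-tagging convention would put a `# PATCH-FIX-UPSTREAM ...` line above it naming the bug and the upstream source, for example `# PATCH-FIX-UPSTREAM CVE-20230-20900.patch bsc#1214566 -- upstream commit eb4f36dfeb8b, address CVE-2023-20900`, so that a later rebase can distinguish it from the SUSE-specific patches listed below. The file name also has an extra zero compared with the CVE id; if it is renamed, update this line together with the `%patch5` stanza and the New: entry.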
@@ -261,6 +262,7 @@
 %patch2 -p2
 %patch3 -p2
 %patch4 -p2
+%patch5 -p2
 
 #SUSE specific patches
 %patch0 -p2

++++++ CVE-20230-20900.patch ++++++
From eb4f36dfeb8b89443f7d5ade03316ba49a295eee Mon Sep 17 00:00:00 2001
From: John Wolfe <jwo...@vmware.com>
Date: Fri, 18 Aug 2023 11:23:53 -0700
Subject: [PATCH] Address CVE-2023-20900

VGAuth: Allow only X509 certs to verify the SAML token signature.

---
 open-vm-tools/vgauth/serviceImpl/saml-xmlsec1.c | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/open-vm-tools/vgauth/serviceImpl/saml-xmlsec1.c b/open-vm-tools/vgauth/serviceImpl/saml-xmlsec1.c
index f5541a9..0b2a945 100644
--- a/open-vm-tools/vgauth/serviceImpl/saml-xmlsec1.c
+++ b/open-vm-tools/vgauth/serviceImpl/saml-xmlsec1.c
@@ -1335,7 +1335,14 @@ VerifySignature(xmlDocPtr doc,
     */
    bRet = RegisterID(xmlDocGetRootElement(doc), "ID");
    if (bRet == FALSE) {
-      g_warning("failed to register ID\n");
+      g_warning("Failed to register ID\n");
+      goto done;
+   }
+
+   /* Use only X509 certs to validate the signature */
+   if (xmlSecPtrListAdd(&(dsigCtx->keyInfoReadCtx.enabledKeyData),
+                        BAD_CAST xmlSecKeyDataX509Id) < 0) {
+      g_warning("Failed to limit allowed key data\n");
       goto done;
    }
 
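Review bot: the restriction added after the RegisterID check only narrows key handling if `dsigCtx->keyInfoReadCtx.enabledKeyData` is otherwise empty when `xmlSecKeyDataX509Id` is appended; an enabled-list that already holds entries would be widened rather than limited, so it is worth confirming that nothing earlier in VerifySignature populates the list, or stating in a comment that the context is freshly created at this point. The hunk also bundles an unrelated cosmetic change (`failed to register ID` becomes `Failed to register ID`), which is better kept out of a security fix so the backport stays minimal and the diff shows only the behavioural change. Finally, the commit message says only that X509 certs are now the sole allowed key data; a sentence on which KeyInfo inputs were accepted before would make the mitigation reviewable from the log without the advisory.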
-- 
2.6.2
