-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-5919-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
May 14, 2025                          https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : open-vm-tools
CVE ID         : CVE-2025-22247
Debian Bug     : 1105159

It was discovered that insecure file handling in open-vm-tools, an open
source implementation of VMware Tools, may allow an unprivileged local
guest user to tamper local files to trigger insecure file operations
within that VM.

For the stable distribution (bookworm), this problem has been fixed in
version 2:12.2.0-1+deb12u3.

We recommend that you upgrade your open-vm-tools packages.

For the detailed security status of open-vm-tools please refer to its
security tracker page at:
https://security-tracker.debian.org/tracker/open-vm-tools

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmgk/p1fFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND
z0QzOQ/6A05ASlajboMSqiwKLXyreXigM90UR2aHEnRIqMMnrycbXNmeaBdDwTvF
1frstunmqWLkCUILvbTZYOAUnR/1CvykMRrYwcGhsJ07w3000+ylen8lJMvBYEru
GydqglUxjRWJu80g8DFEGcg5Vy/ZwtMjShdWEWHv3pQuFrYpdlUdbMRDpTMWSGe7
9hX77irgEokZpdby/43dcXoipTjqDSeLtwZwBVtth5x1DQXlXNVgN0Itx3OhGpIt
ImjKmNPDg0BED3ANKmM912B1kD3hJrPty/pxc8DuqJ29Mt3OABa9zesU+UpR8Riw
TUVfwfI6voGpI+OL9hlPgdyJGoD/KxMublzqnGTN9qeGruwX3Fbe5iz1ewpb5nCS
flsMLlAIbYCThajgcpy4+Na662FlrOyAzdYNtOx0fMJfTB9myORP7WuYV7ZLL7T0
H8T/rCDBLbw6JiExnzPNE2CGhQni6ZBfl5Aa1NpefvxxFTcSHNjPhpsDvW6gArHU
833KkTSTkG9dqryMLiBXvM8/Djpsb3kzvtBPnmm7XVJUjsIJVV+VZ9vTl4bpYAX4
KmV/rw686gHba9NSFPR/4qfKkU0tdBnp6Ox8Ov7sUV20Qe+grIUE916i4c1UFmZx
DsD0SrAfSlsN5Qvq1KSFMaT5nXkD1g6PCfV3gllOYFKyh+Ipxok=Dp4n
-----END PGP SIGNATURE-----