pool/open-vm-tools
SHA256
4
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Accepting request 1108318 from Virtualization:VMware

Browse Source 
OBS-URL: https://build.opensuse.org/request/show/1108318
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/open-vm-tools?expand=0&rev=114
This commit is contained in:
Ana Guerrero 2023-09-01 12:19:12 +00:00 committed by Git OBS Bridge
commit bc3cca1bcd
3 changed files with 43 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

34
CVE-20230-20900.patch Normal file
View File

@ -0,0 +1,34 @@
From eb4f36dfeb8b89443f7d5ade03316ba49a295eee Mon Sep 17 00:00:00 2001
From: John Wolfe <jwolfe@vmware.com>
Date: Fri, 18 Aug 2023 11:23:53 -0700
Subject: [PATCH] Address CVE-2023-20900
VGAuth: Allow only X509 certs to verify the SAML token signature.
---
open-vm-tools/vgauth/serviceImpl/saml-xmlsec1.c | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/open-vm-tools/vgauth/serviceImpl/saml-xmlsec1.c b/open-vm-tools/vgauth/serviceImpl/saml-xmlsec1.c
index f5541a9..0b2a945 100644
--- a/open-vm-tools/vgauth/serviceImpl/saml-xmlsec1.c
+++ b/open-vm-tools/vgauth/serviceImpl/saml-xmlsec1.c
@@ -1335,7 +1335,14 @@ VerifySignature(xmlDocPtr doc,
*/
bRet = RegisterID(xmlDocGetRootElement(doc), "ID");
if (bRet == FALSE) {
- g_warning("failed to register ID\n");
+ g_warning("Failed to register ID\n");
+ goto done;
+ }
+
+ /* Use only X509 certs to validate the signature */
+ if (xmlSecPtrListAdd(&(dsigCtx->keyInfoReadCtx.enabledKeyData),
+ BAD_CAST xmlSecKeyDataX509Id) < 0) {
+ g_warning("Failed to limit allowed key data\n");
goto done;
}
--
2.6.2

7
open-vm-tools.changes
View File

@ -1,3 +1,10 @@
-------------------------------------------------------------------
Mon Aug 28 15:10:27 UTC 2023 - Kirk Allan <kallan@suse.com>
- Fix (bsc#1214566) - (CVE-2023-20900) - VUL-0: CVE-2023-20900:
open-vm-tools: SAML token signature bypass vulnerability
+ Add patch: CVE-20230-20900.patch
-------------------------------------------------------------------
Tue Jun 27 19:54:05 UTC 2023 - Dirk Müller <dmueller@suse.com>

2
open-vm-tools.spec
View File

@ -156,6 +156,7 @@ ExclusiveArch: %ix86 x86_64 aarch64
Patch2: 0001-build-put-l-specifiers-into-LIBADD-not-LDFLAGS.patch
Patch3: 0002-build-use-grpc-pkgconfig-to-retrieve-flags-libraries.patch
Patch4: 2023-20867-Remove-some-dead-code.patch
Patch5: CVE-20230-20900.patch
#SUSE specific patches
Patch0: pam-vmtoolsd.patch
@ -261,6 +262,7 @@ sed -i -e "s/\r//" README
%patch2 -p2
%patch3 -p2
%patch4 -p2
%patch5 -p2
#SUSE specific patches
%patch0 -p2