{ "summary": { "snap": { "added": [], "removed": [], "diff": [] }, "deb": { "added": [], "removed": [], "diff": [ "open-vm-tools" ] } }, "diff": { "deb": [ { "name": "open-vm-tools", "from_version": { "source_package_name": "open-vm-tools", "source_package_version": "2:11.3.0-2ubuntu0~ubuntu20.04.7", "version": "2:11.3.0-2ubuntu0~ubuntu20.04.7" }, "to_version": { "source_package_name": "open-vm-tools", "source_package_version": "2:11.3.0-2ubuntu0~ubuntu20.04.8", "version": "2:11.3.0-2ubuntu0~ubuntu20.04.8" }, "cves": [ { "cve": "CVE-2025-22247", "url": "https://ubuntu.com/security/CVE-2025-22247", "cve_description": "VMware Tools contains an insecure file handling vulnerability. A malicious actor with non-administrative privileges on a guest VM may tamper the local files to trigger insecure file operations within that VM.", "cve_priority": "medium", "cve_public_date": "2025-05-12" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2025-22247", "url": "https://ubuntu.com/security/CVE-2025-22247", "cve_description": "VMware Tools contains an insecure file handling vulnerability. A malicious actor with non-administrative privileges on a guest VM may tamper the local files to trigger insecure file operations within that VM.", "cve_priority": "medium", "cve_public_date": "2025-05-12" } ], "log": [ "", " * SECURITY UPDATE: insecure file handling vulnerability", " - debian/patches/CVE-2025-22247.patch: properly check symlinks and path", " traversal chars in open-vm-tools/vgauth/common/VGAuthUtil.c,", " open-vm-tools/vgauth/common/VGAuthUtil.h,", " open-vm-tools/vgauth/common/prefs.h,", " open-vm-tools/vgauth/common/usercheck.c,", " open-vm-tools/vgauth/serviceImpl/alias.c,", " open-vm-tools/vgauth/serviceImpl/service.c,", " open-vm-tools/vgauth/serviceImpl/serviceInt.h.", " - CVE-2025-22247", "" ], "package": "open-vm-tools", "version": "2:11.3.0-2ubuntu0~ubuntu20.04.8", "urgency": "medium", "distributions": "focal-security", "launchpad_bugs_fixed": [], "author": "Marc Deslauriers ", "date": "Tue, 06 May 2025 09:36:15 -0400" } ], "notes": null, "is_version_downgrade": false } ], "snap": [] }, "added": { "deb": [], "snap": [] }, "removed": { "deb": [], "snap": [] }, "notes": "Changelog diff for Ubuntu 20.04 focal image from release image serial 20250508.1 to 20250514", "from_series": "focal", "to_series": "focal", "from_serial": "20250508.1", "to_serial": "20250514", "from_manifest_filename": "release_manifest.previous", "to_manifest_filename": "manifest.current" }