Commit 422b6650 authored by Pavel Vondruska's avatar Pavel Vondruska

right patch and change changelog

parent 612555a3
Pipeline #2055 failed
Index: pkg-open-vm-tools/open-vm-tools/vgauth/serviceImpl/proto.c
===================================================================
--- pkg-open-vm-tools.orig/open-vm-tools/vgauth/serviceImpl/proto.c
+++ pkg-open-vm-tools/open-vm-tools/vgauth/serviceImpl/proto.c
@@ -1201,6 +1201,10 @@ Proto_SecurityCheckRequest(ServiceConnec
VGAuthError err;
gboolean isSecure = ServiceNetworkIsConnectionPrivateSuperUser(conn);
+ if (conn->isPublic && req->reqType != PROTO_REQUEST_SESSION_REQ) {
+ return VGAUTH_E_PERMISSION_DENIED;
+ }
+
switch (req->reqType) {
/*
* This comes over the public connection; alwsys let it through.
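Review bot: The new guard at the top of Proto_SecurityCheckRequest returns `VGAUTH_E_PERMISSION_DENIED` without logging anything, so rejected non-session requests on a public connection leave no trace in the service log for later detection or triage. Consider logging the rejected `req->reqType` with whatever logging helper the file already uses, just before the `return`. A short comment above the check would also help the next reader, for example `/* Only the session request is valid on the public connection; reject everything else before the per-type checks. */`. The function body starts and ends outside the hunk, so whether the later per-type cases still need their own `isSecure` checks cannot be judged from here.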
...@@ -33,9 +33,21 @@ dget https://deb.debian.org/debian/pool/main/o/open-vm-tools/open-vm-tools_10.3. ...@@ -33,9 +33,21 @@ dget https://deb.debian.org/debian/pool/main/o/open-vm-tools/open-vm-tools_10.3.
cd open-vm-tools-10.3.10 cd open-vm-tools-10.3.10
mk-build-deps --install --tool='apt-get -o Debug::pkgProblemResolver=yes --yes' debian/control mk-build-deps --install --tool='apt-get -o Debug::pkgProblemResolver=yes --yes' debian/control
wget https://salsa.debian.org/vmware-packaging-team/pkg-open-vm-tools/-/raw/67b16ff62228304dfe96d33a0ba663c2e8d3167d/debian/patches/1125-Properly-check-authorization-on-incoming-guestOps-re.patch -O debian/patches/1125-Properly-check-authorization-on-incoming-guestOps-re.patch #wget https://salsa.debian.org/vmware-packaging-team/pkg-open-vm-tools/-/raw/67b16ff62228304dfe96d33a0ba663c2e8d3167d/debian/patches/1125-Properly-check-authorization-on-incoming-guestOps-re.patch -O debian/patches/1125-Properly-check-authorization-on-incoming-guestOps-re.patch
cp -v 1125-Properly-check-authorization-on-incoming-guestOps-re.patch debian/patches
echo '1125-Properly-check-authorization-on-incoming-guestOps-re.patch' >> debian/patches/series echo '1125-Properly-check-authorization-on-incoming-guestOps-re.patch' >> debian/patches/series
cat << EOCHL > debian/changelog
open-vm-tools (2:10.3.10-1+deb10u2+dex1) buster; urgency=medium
* [67b16ff] Properly check authorization on incoming guestOps requests.
(Closes: #1018012 CVE-2022-31676)
-- Bernd Zeimetz <bzed@debian.org> Wed, 24 Aug 2022 10:28:40 +0200
$(cat debian/changelog)
EOCHL
dpkg-buildpackage -uc -us -b dpkg-buildpackage -uc -us -b
cd .. cd ..
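Review bot: The changelog rewrite reads and truncates the same file in one command: `cat << EOCHL > debian/changelog` keeps the old entries only because the here-document, including `$(cat debian/changelog)`, is expanded before the `>` redirection truncates the file. That depends on redirection order and would silently leave a single-entry changelog if the two were swapped. It is safer to drop the `$(cat …)` line, use `cat - debian/changelog << EOCHL > debian/changelog.new`, and then run `mv debian/changelog.new debian/changelog`. The new entry also reuses the Debian maintainer's name and date under the local `+dex1` version, which obscures who built this package; the trailer should presumably name the person or system doing the rebuild. Leading whitespace and blank lines are not visible in this rendering, so confirm the entry keeps the layout `dpkg-parsechangelog` expects.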