Open VM Tools update for Ubuntu 14.04 LTS

A recent security notice, USN-7714-1, was issued for Ubuntu 14.04 LTS concerning vulnerabilities in Open VM Tools. The notice highlights two significant security issues:

1. CVE-2023-34059: A vulnerability that allows a local attacker to hijack /dev/uinput, potentially enabling them to simulate user inputs.
2. CVE-2014-4199: A flaw that permits an attacker to execute a symlink attack, which can override files without proper authorization.

These vulnerabilities pose a risk to the security of systems running Ubuntu 14.04 LTS, and users are advised to take immediate action to mitigate these risks.

To address these vulnerabilities, users should update their systems to the specified package versions:

- open-vm-tools: 2:9.4.0-1280544-5ubuntu6.4+esm1 (available with Ubuntu Pro)
- open-vm-tools-desktop: 2:9.4.0-1280544-5ubuntu6.4+esm1 (available with Ubuntu Pro)

A standard system update will implement the necessary corrections to resolve these security issues.

For further information, users can refer to the official security notice at the provided link.

Extended Summary:
The Ubuntu 14.04 LTS operating system, which is nearing the end of its support life, has encountered critical security vulnerabilities in the Open VM Tools package. These vulnerabilities can lead to unauthorized access and manipulation of user inputs and files, underscoring the importance of maintaining up-to-date software, especially in virtualized environments. Users are encouraged to consider upgrading to a more recent version of Ubuntu to ensure ongoing security and receive timely updates. Additionally, organizations using Ubuntu 14.04 LTS should review their security policies and consider transitioning to supported versions to safeguard their systems against potential threats.

A security notice was issued for Ubuntu 14.04 LTS due to vulnerabilities found in Open VM Tools. Two issues were discovered: one where a local attacker could hijack /dev/uinput and simulate user inputs (CVE-2023-34059), and another where an attacker could set up a symlink attack to override files without authorization (CVE-2014-4199).

[USN-7714-1] Open VM Tools vulnerabilities

Open VM Tools update for Ubuntu 14.04 LTS @ Linux Compatible