An open-vm-tools security update has been released for Debian GNU/Linux 9 Extended LTS to address an issue allowing an unprivileged local guest user to escalate their privileges as root user in the virtual machine.

ELA-682-1 open-vm-tools security update

Package open-vm-tools
Version 2:10.1.5-5055683-4+deb9u3 (stretch)
Related CVEs CVE-2022-31676

A vulnerability was discovered in open-vm-tools, an open source implementation of VMware Tools, allowing an unprivileged local guest user to escalate their privileges as root user in the virtual machine.

For Debian 9 stretch, these problems have been fixed in version 2:10.1.5-5055683-4+deb9u3.

We recommend that you upgrade your open-vm-tools packages.

Further information about Extended LTS security advisories can be found at: https://deb.freexian.com/extended-lts/

  ELA-682-1 open-vm-tools security update