Security update of open-vm-tools SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2026:20067-1 Final 1 1 2026-01-20T11:02:10Z current 2026-01-20T11:02:10Z 2026-01-20T11:02:10Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update of open-vm-tools This update for open-vm-tools fixes the following issues: Update to open-vm-tools 13.0.5 based on build 24915695. (boo#1250692): Please refer to the Release Notes at https://github.com/vmware/open-vm-tools/blob/stable-13.0.5/ReleaseNotes.md. The granular changes that have gone into the open-vm-tools 13.0.5 release are in the ChangeLog at https://github.com/vmware/open-vm-tools/blob/stable-13.0.5/open-vm-tools/ChangeLog. There are no new features in the open-vm-tools 13.0.5 release. This is primarily a maintenance release that addresses a security issue. This release resolves and includes the patch for CVE-2025-41244. For more information on this vulnerability and its impact on Broadcom products, see VMSA-2025-0015. A minor enhancement has been made for Guest OS Customization. The DeployPkg plugin has been updated to use "systemctl reboot", if available. For a more complete list of issues addressed in this release, see the What's New and Resolved Issues section of the Release Notes. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Leap-16.0-158 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1250373 SUSE Bug 1250373 https://bugzilla.suse.com/1250692 SUSE Bug 1250692 https://www.suse.com/security/cve/CVE-2025-41244/ SUSE CVE CVE-2025-41244 page openSUSE Leap 16.0 libvmtools-devel-13.0.5-160000.1.1 libvmtools0-13.0.5-160000.1.1 open-vm-tools-13.0.5-160000.1.1 open-vm-tools-containerinfo-13.0.5-160000.1.1 open-vm-tools-desktop-13.0.5-160000.1.1 open-vm-tools-salt-minion-13.0.5-160000.1.1 open-vm-tools-sdmp-13.0.5-160000.1.1 libvmtools-devel-13.0.5-160000.1.1 as a component of openSUSE Leap 16.0 libvmtools0-13.0.5-160000.1.1 as a component of openSUSE Leap 16.0 open-vm-tools-13.0.5-160000.1.1 as a component of openSUSE Leap 16.0 open-vm-tools-containerinfo-13.0.5-160000.1.1 as a component of openSUSE Leap 16.0 open-vm-tools-desktop-13.0.5-160000.1.1 as a component of openSUSE Leap 16.0 open-vm-tools-salt-minion-13.0.5-160000.1.1 as a component of openSUSE Leap 16.0 open-vm-tools-sdmp-13.0.5-160000.1.1 as a component of openSUSE Leap 16.0 VMware Aria Operations and VMware Tools contain a local privilege escalation vulnerability. A malicious local actor with non-administrative privileges having access to a VM with VMware Tools installed and managed by Aria Operations with SDMP enabled may exploit this vulnerability to escalate privileges to root on the same VM. CVE-2025-41244 openSUSE Leap 16.0:libvmtools-devel-13.0.5-160000.1.1 openSUSE Leap 16.0:libvmtools0-13.0.5-160000.1.1 openSUSE Leap 16.0:open-vm-tools-13.0.5-160000.1.1 openSUSE Leap 16.0:open-vm-tools-containerinfo-13.0.5-160000.1.1 openSUSE Leap 16.0:open-vm-tools-desktop-13.0.5-160000.1.1 openSUSE Leap 16.0:open-vm-tools-salt-minion-13.0.5-160000.1.1 openSUSE Leap 16.0:open-vm-tools-sdmp-13.0.5-160000.1.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2025-41244.html CVE-2025-41244 https://bugzilla.suse.com/1250373 SUSE Bug 1250373