0

As per vulnerability CVE-2022-31676 I'm trying to update my Oracle Linux 8.6 systems open-vm-tools to 12.1.0. However, I'm finding that this package isn't still in the repository, so I have been trying to locate it in another RHEL-based repositories.

Finally, I found it in centOS 9 appstream mirror but when I proceed with the installation I receive the following error:

error: Failed dependencies:
        libc.so.6(GLIBC_2.33)(64bit) is needed by open-vm-tools-12.1.0-1.eln121.x86_64
        libc.so.6(GLIBC_2.34)(64bit) is needed by open-vm-tools-12.1.0-1.eln121.x86_64
        libcrypto.so.3()(64bit) is needed by open-vm-tools-12.1.0-1.eln121.x86_64
        libcrypto.so.3(OPENSSL_3.0.0)(64bit) is needed by open-vm-tools-12.1.0-1.eln121.x86_64
        libssl.so.3()(64bit) is needed by open-vm-tools-12.1.0-1.eln121.x86_64
        libssl.so.3(OPENSSL_3.0.0)(64bit) is needed by open-vm-tools-12.1.0-1.eln121.x86_64

Why this package isn't still in the OL86 repository? As it contains a vulnerability patch should be published as soon as possible.

Is there something I'm missing with this installation? Should I install using another method?

BraveAdmin
  • 105
  • 6

1 Answers1

2

You don't necessarily really need to update to 12.1.0.

According to the Oracle Errata the CVE-2022-31676 is fixed in the package version:

  • 11.3.5-1.el8_6.1

If you already are on that version you are safe.

Gerald Schneider
  • 23,274
  • 8
  • 57
  • 89