Ubuntu
open-vm-tools package

merge open-vm-tools version 13.0.5

  1. Resolute (26.04)
  2. Bug #2126452
Bug #2126452 reported by John Wolfe
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
open-vm-tools (Ubuntu)
Status tracked in Resolute
Questing
Triaged
Undecided
Unassigned
Resolute
Triaged
Undecided
Unassigned

Bug Description

open-vm-tools 13.0.5 was released on Sept 29, 2025 - based on build 24915695

There are no new features in the open-vm-tools 13.0.5 release. This is primarily a maintenance release that addresses a security issue.

This release resolves [CVE-2025-41244](https://www.cve.org/CVERecord?id=CVE-2025-41244). For more information on this vulnerability and its impact on Broadcom products, see [VMSA-2025-0015](https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36149).

 - A patch to address CVE-2025-41244 on earlier open-vm-tools releases is provided to the Linux community at [CVE-2025-41244.patch](https://github.com/vmware/open-vm-tools/tree/CVE-2025-41244.patch).

A minor enhancement has been made for Guest OS Customization. The DeployPkg plugin has been updated to use "systemctl reboot", if available.

For complete details, see: https://github.com/vmware/open-vm-tools/releases/tag/stable-13.0.5.

Release Notes are available at https://github.com/vmware/open-vm-tools/blob/stable-13.0.5/ReleaseNotes.md.

For a more complete list of issues addressed in this release, see the [What's New](https://github.com/vmware/open-vm-tools/blob/stable-13.0.5/ReleaseNotes.md#whatsnew) and [Resolved Issues ](https://github.com/vmware/open-vm-tools/blob/stable-13.0.5/ReleaseNotes.md#resolved-issues) section of the Release Notes.

The granular changes that have gone into the open-vm-tools 13.0.5 release are in the ChangeLog at https://github.com/vmware/open-vm-tools/blob/stable-13.0.5/open-vm-tools/ChangeLog

An additional one-off patch is available for Guest OS Customization to handle the new exit code 2 (recoverable error) from cloud-init. This patch can be directly applied to the open-vm-tools source from version 12.1.5 through 13.0.5. If desired, download this patch from https://github.com/vmware/open-vm-tools/tree/Handle-new-cloud-init-error-code.patch

Please rebase open-vm-tools to release 13.0.5 on supported Ubuntu releases as appropriate

CVE References

Revision history for this message
Christian Ehrhardt (paelzer) wrote :

Hi John,
thanks for the regular pings when releases are out.
We will do that, but the current release 25.10 is in freeze so this will happen throughout 26.04.

As usual we will then evaluate if that also should be SRUed back to active releases.

tags: added: needs-merge
Changed in open-vm-tools (Ubuntu):
status: New → Triaged
tags: added: server-todo
Revision history for this message
John Wolfe (johnwvmw) wrote :

Hi Christian,

I totally understand the restrictions imposed by release schedules.

I trust that security has or is planning updates to supported open-vm-tools 12.5.0 and 13.0.0 packages that address the recently announced CVE-2025-41244 mentioned in the rebase request.

Thanks

Revision history for this message
Jonas Jelten (jj) wrote :

Patches for the CVE are out for all releases up to questing: https://ubuntu.com/security/CVE-2025-41244

Just the merge to 13.0.5 from 13.0.0 is pending now.

summary: - open-vm-tools version 13.0.5 has been released - please rebase
+ merge open-vm-tools version 13.0.5
Changed in open-vm-tools (Ubuntu Questing):
status: New → Triaged
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.