Hey everyone! Our team is currently looking into updating VMware Tools across all our systems because of some recent security vulnerabilities. We've been using open-vm-tools on our Linux machines, but I've noticed that updates usually come through the distro package manager, which often doesn't provide the latest versions we need. I'm wondering if there's a sensible way to update open-vm-tools on Linux without having to wait for the official repository updates. I'd really appreciate any insights or advice on this!
5 Answers
From a compliance standpoint, I've found that using VMware's official guest tools gets you faster support and fixes. Even though I prefer open-vm-tools, sticking to what's supported can prevent unexpected troubles later on.
I understand the urgency, but if it’s not a regulatory requirement, maybe hold off on forcing an update. Uninstalling the package temporarily can be a safer route than risking serious dependency issues that come with out-of-band updates. I’d argue this vulnerability is more about privilege escalation rather than anything critical, so the benefits of hurriedly updating might not outweigh the risks. Just a thought!
One option is to set up your own "official" repository for your machines. You can package the latest open-vm-tools from the tarball into the format your repo requires and automate the updates. However, keep in mind that sometimes the fixes might introduce new issues, so just be careful with that!
If you stick with the distro's package updates, that helps align with their release schedule. Keeping things within the given schedules can often save you from headaches later on.
If you're using a main distro, they often backport security fixes, so checking their security tracker for CVE updates might be worthwhile. It can save you from the hassle of manual updates!
Exactly! I'm hesitant about this approach too, mainly because of potential dependency conflicts on production systems. It’s usually safer to let the distro manage updates.
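The backport check suggested in the answer above can also be run locally. This is an added example, not part of the original thread: it searches the installed package's changelog for a CVE ID, because a backported fix usually leaves the upstream version number unchanged. The CVE ID is a placeholder, the sample changelog is constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: does the installed open-vm-tools build already carry a
# distro backport for a given CVE? Comparing version numbers against upstream
# is misleading here, so search the package changelog instead.

CVE_ID="CVE-0000-00000"   # placeholder: use the ID from the vendor advisory

# Print the installed package's changelog (Debian/Ubuntu file, else RPM).
pkg_changelog() {
    pkg="$1"
    if [ -r "/usr/share/doc/$pkg/changelog.Debian.gz" ]; then
        zcat "/usr/share/doc/$pkg/changelog.Debian.gz"
    elif command -v rpm >/dev/null 2>&1; then
        rpm -q --changelog "$pkg"
    else
        echo "no changelog source found for $pkg" >&2
        return 2
    fi
}

# Read a changelog on stdin; succeed only if it names the exact CVE ID.
# -F matches the ID literally, -w stops a shorter ID matching a longer one.
changelog_mentions_cve() {
    grep -qiwF -- "$1"
}

# Report the result as a word that is easy to collect across a fleet.
backport_status() {
    if changelog_mentions_cve "$1"; then
        echo "patched"
    else
        echo "unpatched-or-unknown"
    fi
}

# Constructed sample changelog entry (not real package data).
SAMPLE_CHANGELOG='open-vm-tools (2:1.2.3-4+example1) stable-security; urgency=high
  * Backport upstream fix for privilege escalation (CVE-0000-00000).
 -- Example Maintainer <maint@example.org>  Mon, 01 Jan 2024 00:00:00 +0000'

# Demo on the sample; on a real host use:
#   pkg_changelog open-vm-tools | backport_status "$CVE_ID"
printf '%s\n' "$SAMPLE_CHANGELOG" | backport_status "$CVE_ID"
```

A result of "unpatched-or-unknown" only means the changelog does not name the ID, so confirm against the distro's security tracker before deciding on an out-of-band update.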