Amazon Linux 2 Security Advisory: ALAS-2020-1522
Advisory Release Date: 2020-10-22 18:11 Pacific
Advisory Updated Date: 2020-10-22 22:35 Pacific
Severity:
Low
Issue Overview:
An integer underflow issue exists in ntfs-3g 2017.3.23. A local attacker could potentially exploit this by running /bin/ntfs-3g with specially crafted arguments from a specially crafted directory to cause a heap buffer overflow, resulting in a crash or the ability to execute arbitrary code. In installations where /bin/ntfs-3g is a setuid-root binary, this could lead to a local escalation of privileges. (CVE-2019-9755)
Affected Packages:
libguestfs-winsupport
Note:
This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories.
Issue Correction:
Run yum update libguestfs-winsupport to update your system.
New Packages:
aarch64:
libguestfs-winsupport-7.2-3.amzn2.aarch64
src:
libguestfs-winsupport-7.2-3.amzn2.src
x86_64:
libguestfs-winsupport-7.2-3.amzn2.x86_64