ALAS2-2020-1522

Amazon Linux 2 Security Advisory: ALAS-2020-1522
Advisory Release Date: 2020-10-22 18:11 Pacific
Advisory Updated Date: 2020-10-22 22:35 Pacific

Severity: Low

References: CVE-2019-9755
FAQs regarding Amazon Linux ALAS/CVE Severity

Issue Overview:

An integer underflow issue exists in ntfs-3g 2017.3.23. A local attacker could potentially exploit this by running /bin/ntfs-3g with specially crafted arguments from a specially crafted directory to cause a heap buffer overflow, resulting in a crash or the ability to execute arbitrary code. In installations where /bin/ntfs-3g is a setuid-root binary, this could lead to a local escalation of privileges. (CVE-2019-9755)

Affected Packages:

libguestfs-winsupport

Note:

This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories.

Issue Correction:
Run yum update libguestfs-winsupport to update your system.

New Packages:

aarch64:
    libguestfs-winsupport-7.2-3.amzn2.aarch64

src:
    libguestfs-winsupport-7.2-3.amzn2.src

x86_64:
    libguestfs-winsupport-7.2-3.amzn2.x86_64

Additional References

Red Hat: CVE-2019-9755

Mitre: CVE-2019-9755