Amazon Linux 2 Security Advisory: ALAS-2023-1977
Advisory Release Date: 2023-03-02 22:35 Pacific
Advisory Updated Date: 2023-03-07 00:20 Pacific
Severity:
Important
Issue Overview:
A stack-based buffer overflow issue was found in pifs-utils. Parsing the mount.cifs ip command-line argument can lead to local attackers gaining root privileges. (CVE-2022-27239)
A flaw was found in cifs-utils. When verbose logging is enabled, invalid credentials file lines may be dumped to stderr. This may lead to information disclosure in particular conditions when the credentials file given is sensitive and contains = signs. (CVE-2022-29869)
Affected Packages:
cifs-utils
Note:
This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories.
Issue Correction:
Run yum update cifs-utils to update your system.
New Packages:
aarch64:
cifs-utils-6.2-10.amzn2.0.4.aarch64
cifs-utils-devel-6.2-10.amzn2.0.4.aarch64
cifs-utils-debuginfo-6.2-10.amzn2.0.4.aarch64
i686:
cifs-utils-6.2-10.amzn2.0.4.i686
cifs-utils-devel-6.2-10.amzn2.0.4.i686
cifs-utils-debuginfo-6.2-10.amzn2.0.4.i686
src:
cifs-utils-6.2-10.amzn2.0.4.src
x86_64:
cifs-utils-6.2-10.amzn2.0.4.x86_64
cifs-utils-devel-6.2-10.amzn2.0.4.x86_64
cifs-utils-debuginfo-6.2-10.amzn2.0.4.x86_64