ALAS-2015-622


Amazon Linux AMI Security Advisory: ALAS-2015-622
Advisory Release Date: 2015-12-13 14:22 Pacific
Severity: Low
References: CVE-2012-2150 

Issue Overview:

It was discovered that the xfs_metadump tool of the xfsprogs suite did not fully adhere to the standards of obfuscation described in its man page. In case a user with the necessary privileges used xfs_metadump and relied on the advertised obfuscation, the generated data could contain unexpected traces of potentially sensitive information.


Affected Packages:

xfsprogs


Issue Correction:
Run yum update xfsprogs to update your system.

New Packages:
i686:
    xfsprogs-3.2.2-2.20.amzn1.i686
    xfsprogs-devel-3.2.2-2.20.amzn1.i686
    xfsprogs-debuginfo-3.2.2-2.20.amzn1.i686

src:
    xfsprogs-3.2.2-2.20.amzn1.src

x86_64:
    xfsprogs-debuginfo-3.2.2-2.20.amzn1.x86_64
    xfsprogs-3.2.2-2.20.amzn1.x86_64
    xfsprogs-devel-3.2.2-2.20.amzn1.x86_64