ALAS2022-2022-089

Related Vulnerabilities: CVE-2022-27239   CVE-2022-29869  

A stack-based buffer overflow issue was found in pifs-utils. Parsing the mount.cifs ip command-line argument can lead to local attackers gaining root privileges. (CVE-2022-27239) A flaw was found in cifs-utils. When verbose logging is enabled, invalid credentials file lines may be dumped to stderr. This may lead to information disclosure in particular conditions when the credentials file given is sensitive and contains = signs. (CVE-2022-29869)

ALAS2022-2022-089


Amazon Linux 2022 Security Advisory: ALAS-2022-089
Advisory Release Date: 2022-06-28 23:52 Pacific
Advisory Updated Date: 2022-07-19 19:46 Pacific
Severity: Important

Issue Overview:

A stack-based buffer overflow issue was found in pifs-utils. Parsing the mount.cifs ip command-line argument can lead to local attackers gaining root privileges. (CVE-2022-27239)

A flaw was found in cifs-utils. When verbose logging is enabled, invalid credentials file lines may be dumped to stderr. This may lead to information disclosure in particular conditions when the credentials file given is sensitive and contains = signs. (CVE-2022-29869)


Affected Packages:

cifs-utils


Issue Correction:
Run dnf update --releasever=2022.0.20220628 cifs-utils to update your system.

New Packages:
aarch64:
    cifs-utils-debuginfo-6.15-1.amzn2022.aarch64
    pam_cifscreds-debuginfo-6.15-1.amzn2022.aarch64
    cifs-utils-debugsource-6.15-1.amzn2022.aarch64
    cifs-utils-devel-6.15-1.amzn2022.aarch64
    cifs-utils-info-6.15-1.amzn2022.aarch64
    pam_cifscreds-6.15-1.amzn2022.aarch64
    cifs-utils-6.15-1.amzn2022.aarch64

i686:
    cifs-utils-debugsource-6.15-1.amzn2022.i686
    cifs-utils-debuginfo-6.15-1.amzn2022.i686
    cifs-utils-info-6.15-1.amzn2022.i686
    cifs-utils-6.15-1.amzn2022.i686
    pam_cifscreds-debuginfo-6.15-1.amzn2022.i686
    pam_cifscreds-6.15-1.amzn2022.i686
    cifs-utils-devel-6.15-1.amzn2022.i686

src:
    cifs-utils-6.15-1.amzn2022.src

x86_64:
    pam_cifscreds-6.15-1.amzn2022.x86_64
    pam_cifscreds-debuginfo-6.15-1.amzn2022.x86_64
    cifs-utils-debugsource-6.15-1.amzn2022.x86_64
    cifs-utils-debuginfo-6.15-1.amzn2022.x86_64
    cifs-utils-devel-6.15-1.amzn2022.x86_64
    cifs-utils-info-6.15-1.amzn2022.x86_64
    cifs-utils-6.15-1.amzn2022.x86_64