Vulmon
Amazon Linux 2022 Security Advisory: ALAS-2022-204
Advisory Release Date: 2022-11-01 21:25 Pacific
Advisory Updated Date: 2022-11-03 20:54 Pacific
Severity:
Important
Issue Overview:
A stack-based buffer overflow issue was found in pifs-utils. Parsing the mount.cifs ip command-line argument can lead to local attackers gaining root privileges. (CVE-2022-27239)
A flaw was found in cifs-utils. When verbose logging is enabled, invalid credentials file lines may be dumped to stderr. This may lead to information disclosure in particular conditions when the credentials file given is sensitive and contains = signs. (CVE-2022-29869)
Affected Packages:
cifs-utils
Issue Correction:
Run dnf update cifs-utils --releasever=2022.0.20221102 to update your system.
New Packages:
aarch64:
cifs-utils-devel-6.15-1.amzn2022.0.1.aarch64
pam_cifscreds-debuginfo-6.15-1.amzn2022.0.1.aarch64
cifs-utils-info-6.15-1.amzn2022.0.1.aarch64
cifs-utils-debugsource-6.15-1.amzn2022.0.1.aarch64
pam_cifscreds-6.15-1.amzn2022.0.1.aarch64
cifs-utils-debuginfo-6.15-1.amzn2022.0.1.aarch64
cifs-utils-6.15-1.amzn2022.0.1.aarch64
i686:
cifs-utils-debugsource-6.15-1.amzn2022.0.1.i686
cifs-utils-info-6.15-1.amzn2022.0.1.i686
cifs-utils-debuginfo-6.15-1.amzn2022.0.1.i686
cifs-utils-6.15-1.amzn2022.0.1.i686
pam_cifscreds-debuginfo-6.15-1.amzn2022.0.1.i686
pam_cifscreds-6.15-1.amzn2022.0.1.i686
cifs-utils-devel-6.15-1.amzn2022.0.1.i686
src:
cifs-utils-6.15-1.amzn2022.0.1.src
x86_64:
cifs-utils-debuginfo-6.15-1.amzn2022.0.1.x86_64
cifs-utils-devel-6.15-1.amzn2022.0.1.x86_64
cifs-utils-debugsource-6.15-1.amzn2022.0.1.x86_64
cifs-utils-info-6.15-1.amzn2022.0.1.x86_64
cifs-utils-6.15-1.amzn2022.0.1.x86_64
pam_cifscreds-debuginfo-6.15-1.amzn2022.0.1.x86_64
pam_cifscreds-6.15-1.amzn2022.0.1.x86_64