AXSA:2019-4122:01

Release date: 
Tuesday, August 20, 2019 - 01:57
Subject: 
libguestfs-winsupport-7.2-3.el7
Affected Channels: 
Asianux Server 7 for x86_64
Severity: 
Low
Description: 

The libguestfs-winsupport package adds support for Windows guests to libguestfs, a set of tools and libraries allowing users to access and modify virtual machine (VM) disk images.

Security Fix(es):

* ntfs-3g: heap-based buffer overflow leads to local root privilege escalation (CVE-2019-9755)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2019-9755
An integer underflow issue exists in ntfs-3g 2017.3.23. A local attacker could potentially exploit this by running /bin/ntfs-3g with specially crafted arguments from a specially crafted directory to cause a heap buffer overflow, resulting in a crash or the ability to execute arbitrary code. In installations where /bin/ntfs-3g is a setuid-root binary, this could lead to a local escalation of privileges.

Solution: 

Update packages.

Additional Info: 

N/A

Download: 

SRPMS
1. libguestfs-winsupport-7.2-3.el7.src.rpm
md5sum: 8312287bfe98f24cf70e3bf545d26fe1
sha256sum: 47cdecb8f0bb869b1b37d5ae6951e154e95b3a2c25161f054c3d11793b0a89e7
Size: 1,194 Kb

Asianux Server 7.0 for x86_64
1. libguestfs-winsupport-7.2-3.el7.x86_64.rpm
md5sum: 818fbda7919981b88632b2e59922258a
sha256sum: 4cd71c97f2c6d3f6b6190eb0f2da40701715316cc71a0a5a51c7dc80f5e25f93
Size: 2,193 Kb
Copyright© 2007-2015 Asianux. All rights reserved.