libguestfs-winsupport-7.2-3.el7

エラータID: AXSA:2019-4122:01

Release date: 
Tuesday, August 20, 2019 - 02:57
Subject: 
libguestfs-winsupport-7.2-3.el7
Affected Channels: 
Asianux Server 7 for x86_64
Severity: 
Low
Description: 

The libguestfs-winsupport package adds support for Windows guests to libguestfs, a set of tools and libraries allowing users to access and modify virtual machine (VM) disk images.

Security Fix(es):

* ntfs-3g: heap-based buffer overflow leads to local root privilege escalation (CVE-2019-9755)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2019-9755
An integer underflow issue exists in ntfs-3g 2017.3.23. A local attacker could potentially exploit this by running /bin/ntfs-3g with specially crafted arguments from a specially crafted directory to cause a heap buffer overflow, resulting in a crash or the ability to execute arbitrary code. In installations where /bin/ntfs-3g is a setuid-root binary, this could lead to a local escalation of privileges.

Solution: 

Update packages.

CVEs: 
CVE-2019-9755
An integer underflow issue exists in ntfs-3g 2017.3.23. A local attacker could potentially exploit this by running /bin/ntfs-3g with specially crafted arguments from a specially crafted directory to cause a heap buffer overflow, resulting in a crash or the ability to execute arbitrary code. In installations where /bin/ntfs-3g is a setuid-root binary, this could lead to a local escalation of privileges.
Additional Info: 

N/A

Download: 

SRPMS
  1. libguestfs-winsupport-7.2-3.el7.src.rpm
    MD5: 8312287bfe98f24cf70e3bf545d26fe1
    SHA-256: 47cdecb8f0bb869b1b37d5ae6951e154e95b3a2c25161f054c3d11793b0a89e7
    Size: 1.17 MB

Asianux Server 7 for x86_64
  1. libguestfs-winsupport-7.2-3.el7.x86_64.rpm
    MD5: 818fbda7919981b88632b2e59922258a
    SHA-256: 4cd71c97f2c6d3f6b6190eb0f2da40701715316cc71a0a5a51c7dc80f5e25f93
    Size: 2.14 MB