libguestfs-winsupport-7.2-3.el7
エラータID: AXSA:2019-4122:01
The libguestfs-winsupport package adds support for Windows guests to libguestfs, a set of tools and libraries allowing users to access and modify virtual machine (VM) disk images.
Security Fix(es):
* ntfs-3g: heap-based buffer overflow leads to local root privilege escalation (CVE-2019-9755)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
CVE-2019-9755
An integer underflow issue exists in ntfs-3g 2017.3.23. A local attacker could potentially exploit this by running /bin/ntfs-3g with specially crafted arguments from a specially crafted directory to cause a heap buffer overflow, resulting in a crash or the ability to execute arbitrary code. In installations where /bin/ntfs-3g is a setuid-root binary, this could lead to a local escalation of privileges.
Update packages.
An integer underflow issue exists in ntfs-3g 2017.3.23. A local attacker could potentially exploit this by running /bin/ntfs-3g with specially crafted arguments from a specially crafted directory to cause a heap buffer overflow, resulting in a crash or the ability to execute arbitrary code. In installations where /bin/ntfs-3g is a setuid-root binary, this could lead to a local escalation of privileges.
N/A
SRPMS
- libguestfs-winsupport-7.2-3.el7.src.rpm
MD5: 8312287bfe98f24cf70e3bf545d26fe1
SHA-256: 47cdecb8f0bb869b1b37d5ae6951e154e95b3a2c25161f054c3d11793b0a89e7
Size: 1.17 MB
Asianux Server 7 for x86_64
- libguestfs-winsupport-7.2-3.el7.x86_64.rpm
MD5: 818fbda7919981b88632b2e59922258a
SHA-256: 4cd71c97f2c6d3f6b6190eb0f2da40701715316cc71a0a5a51c7dc80f5e25f93
Size: 2.14 MB