libguestfs-winsupport-9.2-2.el9

エラータID: AXSA:2023-6554:02

Release date: 
Tuesday, October 31, 2023 - 04:08
Subject: 
libguestfs-winsupport-9.2-2.el9
Affected Channels: 
MIRACLE LINUX 9 for x86_64
Severity: 
Low
Description: 

The libguestfs-winsupport package adds support for Windows guests to libguestfs, a set of tools and libraries allowing users to access and modify virtual machine (VM) disk images.

Security Fix(es):

* NTFS-3G: buffer overflow issue in NTFS-3G can cause code execution via crafted metadata in an NTFS image (CVE-2022-40284)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2022-40284
A buffer overflow was discovered in NTFS-3G before 2022.10.3. Crafted metadata in an NTFS image can cause code execution. A local attacker can exploit this if the ntfs-3g binary is setuid root. A physically proximate attacker can exploit this if NTFS-3G software is configured to execute upon attachment of an external storage device.

Solution: 

Update packages.

CVEs: 
CVE-2022-40284
A buffer overflow was discovered in NTFS-3G before 2022.10.3. Crafted metadata in an NTFS image can cause code execution. A local attacker can exploit this if the ntfs-3g binary is setuid root. A physically proximate attacker can exploit this if NTFS-3G software is configured to execute upon attachment of an external storage device.
Additional Info: 

N/A

Download: 

SRPMS
  1. libguestfs-winsupport-9.2-2.el9.src.rpm
    MD5: 8f86b970a1c4795945dc35deb93d5ef3
    SHA-256: 038c4682123246af4ecd6b2ba85f7d1463f0ec44105bb2a0bd12ba26150e9f93
    Size: 1.31 MB

Asianux Server 9 for x86_64
  1. libguestfs-winsupport-9.2-2.el9.x86_64.rpm
    MD5: 405e24c50d5e1a7f4c24fc285f7633ff
    SHA-256: 955601074323e3e320732719b7a9985ac2b243f7406c0fbd4353cae04ead43d7
    Size: 2.40 MB