Amazon ALAS-2015-622
Dec 14, 2015 - 10:00 a.m.

Low: xfsprogs

2015-12-14 10:00:00
alas.aws.amazon.com
CVSS2: 5 Medium

Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

EPSS: 0.027 Low
Percentile: 90.5%

Issue Overview:

It was discovered that the xfs_metadump tool of the xfsprogs suite did not fully adhere to the standards of obfuscation described in its man page. If a user with the necessary privileges ran xfs_metadump and relied on the advertised obfuscation, the generated data could contain unexpected traces of potentially sensitive information.

Affected Packages:

xfsprogs

Issue Correction:

Run yum update xfsprogs to update your system.

New Packages:

i686:  
    xfsprogs-3.2.2-2.20.amzn1.i686  
    xfsprogs-devel-3.2.2-2.20.amzn1.i686  
    xfsprogs-debuginfo-3.2.2-2.20.amzn1.i686  
  
src:  
    xfsprogs-3.2.2-2.20.amzn1.src  
  
x86_64:  
    xfsprogs-debuginfo-3.2.2-2.20.amzn1.x86_64  
    xfsprogs-3.2.2-2.20.amzn1.x86_64  
    xfsprogs-devel-3.2.2-2.20.amzn1.x86_64  

Additional References

Red Hat: CVE-2012-2150

Mitre: CVE-2012-2150
