ALAS2-2023-1977

Amazon Linux 2 Security Advisory: ALAS2-2023-1977
Advisory Released Date: 2023-03-06
Advisory Updated Date: 2025-09-23

Severity: Low

References: CVE-2022-29869
FAQs regarding Amazon Linux ALAS/CVE Severity

Issue Overview:

A flaw was found in cifs-utils. When verbose logging is enabled, invalid credentials file lines may be dumped to stderr. This may lead to information disclosure in particular conditions when the credentials file given is sensitive and contains = signs. (CVE-2022-29869)

Affected Packages:

cifs-utils

Note:

This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories.

Issue Correction:
Run yum update cifs-utils or yum update --advisory ALAS2-2023-1977 to update your system.

New Packages:

aarch64:
    cifs-utils-6.2-10.amzn2.0.4.aarch64
    cifs-utils-devel-6.2-10.amzn2.0.4.aarch64
    cifs-utils-debuginfo-6.2-10.amzn2.0.4.aarch64

i686:
    cifs-utils-6.2-10.amzn2.0.4.i686
    cifs-utils-devel-6.2-10.amzn2.0.4.i686
    cifs-utils-debuginfo-6.2-10.amzn2.0.4.i686

src:
    cifs-utils-6.2-10.amzn2.0.4.src

x86_64:
    cifs-utils-6.2-10.amzn2.0.4.x86_64
    cifs-utils-devel-6.2-10.amzn2.0.4.x86_64
    cifs-utils-debuginfo-6.2-10.amzn2.0.4.x86_64

Changelog:

2025-09-23: CVE-2022-27239 was removed from this advisory.

2025-09-23: The severity of this advisory has been changed from important to low.

Additional References

Release Notes: Amazon Linux 2 Release Notes

Red Hat: CVE-2022-29869

Mitre: CVE-2022-29869