aws-efs-utils-1.34.5-1.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:12639 Final 1 1 2024-06-17T21:45:33Z current 2024-06-17T21:45:33Z 2024-06-17T21:45:33Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z aws-efs-utils-1.34.5-1.1 on GA media These are all security issues fixed in the aws-efs-utils-1.34.5-1.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-12639 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) E-Mail link for openSUSE-SU-2024:12639 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2022-46174/ SUSE CVE CVE-2022-46174 page openSUSE Tumbleweed aws-efs-utils-1.34.5-1.1 aws-efs-utils-1.34.5-1.1 as a component of openSUSE Tumbleweed efs-utils is a set of Utilities for Amazon Elastic File System (EFS). A potential race condition issue exists within the Amazon EFS mount helper in efs-utils versions v1.34.3 and below. When using TLS to mount file systems, the mount helper allocates a local port for stunnel to receive NFS connections prior to applying the TLS tunnel. In affected versions, concurrent mount operations can allocate the same local port, leading to either failed mount operations or an inappropriate mapping from an EFS customer's local mount points to that customer's EFS file systems. This issue is patched in version v1.34.4. There is no recommended work around. We recommend affected users update the installed version of efs-utils to v1.34.4 or later. CVE-2022-46174 openSUSE Tumbleweed:aws-efs-utils-1.34.5-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-46174.html CVE-2022-46174 https://bugzilla.suse.com/1206737 SUSE Bug 1206737