Bugzilla – Bug 1199978
VUL-0: CVE-2022-30783,CVE-2022-30784,CVE-2022-30785,CVE-2022-30786,CVE-2022-30787,CVE-2022-30788,CVE-2022-30789: ntfs-3g_ntfsprogs: 2022.5.17 release
Last modified: 2022-09-16 13:10:19 UTC
Multiple security issues have been fixed in ntfs-3g version 2022.5.17:

- CVE-2022-30783: An invalid return code in fuse_kern_mount enables intercepting of libfuse-lite protocol traffic between NTFS-3G and the kernel when using libfuse-lite.
- CVE-2022-30784: A crafted NTFS image can cause heap exhaustion in ntfs_get_attribute_value.
- CVE-2022-30785: A file handle created in fuse_lib_opendir, and later used in fuse_lib_readdir, enables arbitrary memory read and write operations when using libfuse-lite.
- CVE-2022-30786: A crafted NTFS image can cause a heap-based buffer overflow in ntfs_names_full_collate.
- CVE-2022-30787: An integer underflow in fuse_lib_readdir enables arbitrary memory read operations when using libfuse-lite.
- CVE-2022-30788: A crafted NTFS image can cause a heap-based buffer overflow in ntfs_mft_rec_alloc.
- CVE-2022-30789: A crafted NTFS image can cause a heap-based buffer overflow in ntfs_check_log_client_array.

Patches:
https://github.com/tuxera/ntfs-3g/compare/2021.8.22...2022.5.17
(In reply to Carlos López from comment #0)
> Patches:
> https://github.com/tuxera/ntfs-3g/compare/2021.8.22...2022.5.17

These should also fix CVE-2021-46790 (bsc#1199139)
Advisories:
https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-6mv4-4v73-xw58
https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-xchm-ph5h-hw4x
This is an autogenerated message for OBS integration:
This bug (1199978) was mentioned in
https://build.opensuse.org/request/show/979742 Factory / ntfs-3g_ntfsprogs
SUSE-SU-2022:2835-1: An update that fixes 8 vulnerabilities is now available.

Category: security (important)
Bug References: 1199978
CVE References: CVE-2021-46790,CVE-2022-30783,CVE-2022-30784,CVE-2022-30785,CVE-2022-30786,CVE-2022-30787,CVE-2022-30788,CVE-2022-30789
JIRA References:
Sources used:
openSUSE Leap 15.4 (src): ntfs-3g_ntfsprogs-2022.5.17-150000.3.11.1
openSUSE Leap 15.3 (src): ntfs-3g_ntfsprogs-2022.5.17-150000.3.11.1
SUSE Linux Enterprise Workstation Extension 15-SP4 (src): ntfs-3g_ntfsprogs-2022.5.17-150000.3.11.1
SUSE Linux Enterprise Workstation Extension 15-SP3 (src): ntfs-3g_ntfsprogs-2022.5.17-150000.3.11.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2022:2836-1: An update that fixes 8 vulnerabilities is now available.

Category: security (important)
Bug References: 1199978
CVE References: CVE-2021-46790,CVE-2022-30783,CVE-2022-30784,CVE-2022-30785,CVE-2022-30786,CVE-2022-30787,CVE-2022-30788,CVE-2022-30789
JIRA References:
Sources used:
SUSE Linux Enterprise Workstation Extension 12-SP5 (src): ntfs-3g_ntfsprogs-2022.5.17-5.12.1
SUSE Linux Enterprise Software Development Kit 12-SP5 (src): ntfs-3g_ntfsprogs-2022.5.17-5.12.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Done, closing.