SUSE-SU-2022:2835-1
Vulnerability Summary
Timeline
Description
Security update for ntfs-3g_ntfsprogs This update for ntfs-3g_ntfsprogs fixes the following issues: Updated to version 2022.5.17 (bsc#1199978): - CVE-2022-30783: Fixed an issue where messages between NTFS-3G and the kernel could be intercepted when using libfuse-lite. - CVE-2022-30784: Fixed a memory exhaustion issue when opening a crafted NTFS image. - CVE-2022-30785: Fixed a bug where arbitrary memory read and write operations could be achieved whe using libfuse-lite. - CVE-2022-30786: Fixed a memory corruption issue when opening a crafted NTFS image. - CVE-2022-30787: Fixed an integer underflow which enabled arbitrary memory read operations when using libfuse-lite. - CVE-2022-30788: Fixed a memory corruption issue when opening a crafted NTFS image. - CVE-2022-30789: Fixed a memory corruption issue when opening a crafted NTFS image.
Affected Systems
- opensuse•ntfs-3g_ntfsprogs&distro=openSUSE Leap 15.3
< 2022.5.17-150000.3.11.1
- opensuse•ntfs-3g_ntfsprogs&distro=openSUSE Leap 15.4
< 2022.5.17-150000.3.11.1
- suse•ntfs-3g_ntfsprogs&distro=SUSE Linux Enterprise Workstation Extension 15 SP3
< 2022.5.17-150000.3.11.1
- suse•ntfs-3g_ntfsprogs&distro=SUSE Linux Enterprise Workstation Extension 15 SP4
< 2022.5.17-150000.3.11.1
References (10)
- https://www.suse.com/support/update/announcement/2022/suse-su-20222835-1/
- https://bugzilla.suse.com/1199978
- https://www.suse.com/security/cve/CVE-2021-46790
- https://www.suse.com/security/cve/CVE-2022-30783
- https://www.suse.com/security/cve/CVE-2022-30784
- https://www.suse.com/security/cve/CVE-2022-30785
- https://www.suse.com/security/cve/CVE-2022-30786
- https://www.suse.com/security/cve/CVE-2022-30787
- https://www.suse.com/security/cve/CVE-2022-30788
- https://www.suse.com/security/cve/CVE-2022-30789