Описание
Security update for ntfs-3g_ntfsprogs
This update for ntfs-3g_ntfsprogs fixes the following issues:
Security issues fixed:
- CVE-2019-9755: Fixed a heap-based buffer overflow which could lead to local privilege escalation (bsc#1130165).
Список пакетов
Container suse/sles/15.6/libguestfs-tools:1.1.1
libntfs-3g87-2016.2.22-3.3.2
ntfs-3g-2016.2.22-3.3.2
ntfsprogs-2016.2.22-3.3.2
Container suse/sles/15.7/libguestfs-tools:1.4.0
libntfs-3g87-2016.2.22-3.3.2
ntfs-3g-2016.2.22-3.3.2
ntfsprogs-2016.2.22-3.3.2
SUSE Linux Enterprise Workstation Extension 15
libntfs-3g87-2016.2.22-3.3.2
ntfs-3g-2016.2.22-3.3.2
ntfsprogs-2016.2.22-3.3.2
Ссылки
- Link for SUSE-SU-2019:1001-1
- E-Mail link for SUSE-SU-2019:1001-1
- SUSE Security Ratings
- SUSE Bug 1130165
- SUSE CVE CVE-2019-9755 page
Описание
An integer underflow issue exists in ntfs-3g 2017.3.23. A local attacker could potentially exploit this by running /bin/ntfs-3g with specially crafted arguments from a specially crafted directory to cause a heap buffer overflow, resulting in a crash or the ability to execute arbitrary code. In installations where /bin/ntfs-3g is a setuid-root binary, this could lead to a local escalation of privileges.
Затронутые продукты
Container suse/sles/15.6/libguestfs-tools:1.1.1:libntfs-3g87-2016.2.22-3.3.2
Container suse/sles/15.6/libguestfs-tools:1.1.1:ntfs-3g-2016.2.22-3.3.2
Container suse/sles/15.6/libguestfs-tools:1.1.1:ntfsprogs-2016.2.22-3.3.2
Container suse/sles/15.7/libguestfs-tools:1.4.0:libntfs-3g87-2016.2.22-3.3.2
Ссылки
- CVE-2019-9755
- SUSE Bug 1130165