Описание
Security update for ntfs-3g_ntfsprogs
This update for ntfs-3g_ntfsprogs fixes the following issues:
- CVE-2022-40284: Fixed incorrect validation of some of the NTFS metadata that could cause buffer overflow (bsc#1204734).
Список пакетов
SUSE Linux Enterprise Software Development Kit 12 SP5
libntfs-3g-devel-2022.5.17-5.17.1
libntfs-3g84-2022.5.17-5.17.1
SUSE Linux Enterprise Workstation Extension 12 SP5
libntfs-3g84-2022.5.17-5.17.1
ntfs-3g-2022.5.17-5.17.1
ntfsprogs-2022.5.17-5.17.1
Ссылки
- Link for SUSE-SU-2022:3865-1
- E-Mail link for SUSE-SU-2022:3865-1
- SUSE Security Ratings
- SUSE Bug 1204734
- SUSE CVE CVE-2022-40284 page
Описание
A buffer overflow was discovered in NTFS-3G before 2022.10.3. Crafted metadata in an NTFS image can cause code execution. A local attacker can exploit this if the ntfs-3g binary is setuid root. A physically proximate attacker can exploit this if NTFS-3G software is configured to execute upon attachment of an external storage device.
Затронутые продукты
SUSE Linux Enterprise Software Development Kit 12 SP5:libntfs-3g-devel-2022.5.17-5.17.1
SUSE Linux Enterprise Software Development Kit 12 SP5:libntfs-3g84-2022.5.17-5.17.1
SUSE Linux Enterprise Workstation Extension 12 SP5:libntfs-3g84-2022.5.17-5.17.1
SUSE Linux Enterprise Workstation Extension 12 SP5:ntfs-3g-2022.5.17-5.17.1
Ссылки
- CVE-2022-40284
- SUSE Bug 1204734