Описание
Security update for ntfs-3g_ntfsprogs
This update for ntfs-3g_ntfsprogs fixes the following issue:
- CVE-2023-52890: fix a use after free in ntfs_uppercase_mbs (bsc#1226007)
Список пакетов
Container suse/sles/15.7/libguestfs-tools:1.4.0
libntfs-3g87-2022.5.17-150000.3.21.1
ntfs-3g-2022.5.17-150000.3.21.1
ntfsprogs-2022.5.17-150000.3.21.1
SUSE Linux Enterprise Module for Basesystem 15 SP6
libntfs-3g87-2022.5.17-150000.3.21.1
ntfs-3g-2022.5.17-150000.3.21.1
ntfsprogs-2022.5.17-150000.3.21.1
SUSE Linux Enterprise Module for Development Tools 15 SP6
libntfs-3g-devel-2022.5.17-150000.3.21.1
SUSE Linux Enterprise Workstation Extension 15 SP5
libntfs-3g-devel-2022.5.17-150000.3.21.1
libntfs-3g87-2022.5.17-150000.3.21.1
ntfs-3g-2022.5.17-150000.3.21.1
ntfsprogs-2022.5.17-150000.3.21.1
openSUSE Leap 15.5
libntfs-3g-devel-2022.5.17-150000.3.21.1
libntfs-3g87-2022.5.17-150000.3.21.1
ntfs-3g-2022.5.17-150000.3.21.1
ntfsprogs-2022.5.17-150000.3.21.1
ntfsprogs-extra-2022.5.17-150000.3.21.1
openSUSE Leap 15.6
libntfs-3g-devel-2022.5.17-150000.3.21.1
libntfs-3g87-2022.5.17-150000.3.21.1
ntfs-3g-2022.5.17-150000.3.21.1
ntfsprogs-2022.5.17-150000.3.21.1
ntfsprogs-extra-2022.5.17-150000.3.21.1
Ссылки
- Link for SUSE-SU-2024:2187-1
- E-Mail link for SUSE-SU-2024:2187-1
- SUSE Security Ratings
- SUSE Bug 1226007
- SUSE CVE CVE-2023-52890 page
Описание
NTFS-3G before 75dcdc2 has a use-after-free in ntfs_uppercase_mbs in libntfs-3g/unistr.c. NOTE: discussion suggests that exploitation would be challenging.
Затронутые продукты
Container suse/sles/15.7/libguestfs-tools:1.4.0:libntfs-3g87-2022.5.17-150000.3.21.1
Container suse/sles/15.7/libguestfs-tools:1.4.0:ntfs-3g-2022.5.17-150000.3.21.1
Container suse/sles/15.7/libguestfs-tools:1.4.0:ntfsprogs-2022.5.17-150000.3.21.1
SUSE Linux Enterprise Module for Basesystem 15 SP6:libntfs-3g87-2022.5.17-150000.3.21.1
Ссылки
- CVE-2023-52890
- SUSE Bug 1226007