Advisories ยป MGASA-2022-0385

Updated ntfs-3g packages fix security vulnerability

Publication date: 23 Oct 2022
Modification date: 23 Oct 2022
Type: security
Affected Mageia releases : 8
CVE: CVE-2021-46790 , CVE-2022-30783 , CVE-2022-30784 , CVE-2022-30785 , CVE-2022-30786 , CVE-2022-30787 , CVE-2022-30788 , CVE-2022-30789

Description

ntfsck in NTFS-3G through 2021.8.22 has a heap-based buffer overflow
involving buffer+512*3-2. (CVE-2021-46790)

An invalid return code in fuse_kern_mount enables intercepting of
libfuse-lite protocol traffic between NTFS-3G and the kernel in NTFS-3G
through 2021.8.22 when using libfuse-lite. (CVE-2022-30783)

A crafted NTFS image can cause heap exhaustion in ntfs_get_attribute_value
in NTFS-3G through 2021.8.22. (CVE-2022-30784)

A file handle created in fuse_lib_opendir, and later used in
fuse_lib_readdir, enables arbitrary memory read and write operations in
NTFS-3G through 2021.8.22 when using libfuse-lite. (CVE-2022-30785)

A crafted NTFS image can cause a heap-based buffer overflow in
ntfs_names_full_collate in NTFS-3G through 2021.8.22. (CVE-2022-30786)

An integer underflow in fuse_lib_readdir enables arbitrary memory read
operations in NTFS-3G through 2021.8.22 when using libfuse-lite.
(CVE-2022-30787)

A crafted NTFS image can cause a heap-based buffer overflow in
ntfs_mft_rec_alloc in NTFS-3G through 2021.8.22. (CVE-2022-30788)

A crafted NTFS image can cause a heap-based buffer overflow
in ntfs_check_log_client_array in NTFS-3G through 2021.8.22.
(CVE-2022-30789)
                

References

SRPMS

8/core