stable

ntfs-3g-system-compression-1.0-9.fc36

FEDORA-2022-13bc8c91b0 created by rjones 2 years ago for Fedora 36

Rebuild for ntfs-3g CVE

How to install

Updates may require up to 24 hours to propagate to mirrors. If the following command doesn't work, please retry later:

sudo dnf upgrade --refresh --advisory=FEDORA-2022-13bc8c91b0

This update has been submitted for testing by rjones.

2 years ago

This update's test gating status has been changed to 'waiting'.

2 years ago

This update's test gating status has been changed to 'passed'.

2 years ago
User Icon kparal commented & provided feedback 2 years ago

@rjones Can this be merged into https://bodhi.fedoraproject.org/updates/FEDORA-2022-8f775872c9 so that the updates go out together? I believe these two should be a single update.

User Icon rjones commented & provided feedback 2 years ago

Possibly, but I've no idea how.

User Icon kparal commented & provided feedback 2 years ago

Just obsolete this update and then edit the other one and add ntfs-3g-system-compression-1.0-9.fc36 into it.

FEDORA-2022-13bc8c91b0 ejected from the push because "Cannot find relevant tag for ntfs-3g-system-compression-1.0-9.fc36. None of ['f36-updates-testing', 'f36-updates-testing-pending'] are in ['epel9-next-testing-candidate', 'epel7-testing-candidate', 'dist-5E-epel-testing-candidate', 'f27-modular-updates-candidate', 'eln-updates-candidate', 'f30-modular-updates-candidate', 'f28-modular-updates-candidate', 'f28-container-updates-candidate', 'f30-container-updates-candidate', 'epel8-testing-candidate', 'f30-flatpak-updates-candidate', 'f36-updates-candidate', 'f32-modular-updates-candidate', 'f29-modular-updates-candidate', 'f29-container-updates-candidate', 'f29-flatpak-updates-candidate', 'f22-updates-candidate', 'f21-updates-candidate', 'f25-updates-candidate', 'f24-updates-candidate', 'f23-updates-candidate', 'f26-updates-candidate', 'f31-modular-updates-candidate', 'dist-6E-epel-testing-candidate', 'f32-flatpak-updates-candidate', 'f36-container-updates-candidate', 'f37-updates-candidate', 'f27-updates-candidate', 'f28-updates-candidate', 'f30-updates-candidate', 'f29-updates-candidate', 'el8-modular-updates-candidate', 'f32-updates-candidate', 'epel9-testing-candidate', 'f37-container-updates-candidate', 'f34-updates-candidate', 'f31-updates-candidate', 'f31-container-updates-candidate', 'f31-flatpak-updates-candidate', 'f34-modular-updates-candidate', 'f32-container-updates-candidate', 'epel8-next-testing-candidate', 'f35-updates-candidate', 'f35-modular-updates-candidate', 'f33-updates-candidate', 'f34-container-updates-candidate', 'f33-modular-updates-candidate', 'f33-container-updates-candidate', 'f33-flatpak-updates-candidate', 'f35-container-updates-candidate', 'f36-modular-updates-candidate', 'f35-flatpak-updates-candidate', 'f36-flatpak-updates-candidate', 'f34-flatpak-updates-candidate']."

2 years ago

This update has been submitted for testing by humaton.

2 years ago

FEDORA-2022-13bc8c91b0 ejected from the push because "Cannot find relevant tag for ntfs-3g-system-compression-1.0-9.fc36. None of ['f36-updates-testing', 'f36-updates-testing-pending'] are in ['epel9-next-testing-candidate', 'epel7-testing-candidate', 'dist-5E-epel-testing-candidate', 'f27-modular-updates-candidate', 'eln-updates-candidate', 'f30-modular-updates-candidate', 'f28-modular-updates-candidate', 'f28-container-updates-candidate', 'f30-container-updates-candidate', 'epel8-testing-candidate', 'f30-flatpak-updates-candidate', 'f36-updates-candidate', 'f32-modular-updates-candidate', 'f29-modular-updates-candidate', 'f29-container-updates-candidate', 'f29-flatpak-updates-candidate', 'f22-updates-candidate', 'f21-updates-candidate', 'f25-updates-candidate', 'f24-updates-candidate', 'f23-updates-candidate', 'f26-updates-candidate', 'f31-modular-updates-candidate', 'dist-6E-epel-testing-candidate', 'f32-flatpak-updates-candidate', 'f36-container-updates-candidate', 'f37-updates-candidate', 'f27-updates-candidate', 'f28-updates-candidate', 'f30-updates-candidate', 'f29-updates-candidate', 'el8-modular-updates-candidate', 'f32-updates-candidate', 'epel9-testing-candidate', 'f37-container-updates-candidate', 'f34-updates-candidate', 'f31-updates-candidate', 'f31-container-updates-candidate', 'f31-flatpak-updates-candidate', 'f34-modular-updates-candidate', 'f32-container-updates-candidate', 'epel8-next-testing-candidate', 'f35-updates-candidate', 'f35-modular-updates-candidate', 'f33-updates-candidate', 'f34-container-updates-candidate', 'f33-modular-updates-candidate', 'f33-container-updates-candidate', 'f33-flatpak-updates-candidate', 'f35-container-updates-candidate', 'f36-modular-updates-candidate', 'f35-flatpak-updates-candidate', 'f36-flatpak-updates-candidate', 'f34-flatpak-updates-candidate']."

2 years ago

This update has been submitted for testing by humaton.

2 years ago

FEDORA-2022-13bc8c91b0 ejected from the push because "Cannot find relevant tag for ntfs-3g-system-compression-1.0-9.fc36. None of ['f36-updates-testing', 'f36-updates-testing-pending'] are in ['epel9-next-testing-candidate', 'epel7-testing-candidate', 'dist-5E-epel-testing-candidate', 'f27-modular-updates-candidate', 'eln-updates-candidate', 'f30-modular-updates-candidate', 'f28-modular-updates-candidate', 'f28-container-updates-candidate', 'f30-container-updates-candidate', 'epel8-testing-candidate', 'f30-flatpak-updates-candidate', 'f36-updates-candidate', 'f32-modular-updates-candidate', 'f29-modular-updates-candidate', 'f29-container-updates-candidate', 'f29-flatpak-updates-candidate', 'f22-updates-candidate', 'f21-updates-candidate', 'f25-updates-candidate', 'f24-updates-candidate', 'f23-updates-candidate', 'f26-updates-candidate', 'f31-modular-updates-candidate', 'dist-6E-epel-testing-candidate', 'f32-flatpak-updates-candidate', 'f36-container-updates-candidate', 'f37-updates-candidate', 'f27-updates-candidate', 'f28-updates-candidate', 'f30-updates-candidate', 'f29-updates-candidate', 'el8-modular-updates-candidate', 'f32-updates-candidate', 'epel9-testing-candidate', 'f37-container-updates-candidate', 'f34-updates-candidate', 'f31-updates-candidate', 'f31-container-updates-candidate', 'f31-flatpak-updates-candidate', 'f34-modular-updates-candidate', 'f32-container-updates-candidate', 'epel8-next-testing-candidate', 'f35-updates-candidate', 'f35-modular-updates-candidate', 'f33-updates-candidate', 'f34-container-updates-candidate', 'f33-modular-updates-candidate', 'f33-container-updates-candidate', 'f33-flatpak-updates-candidate', 'f35-container-updates-candidate', 'f36-modular-updates-candidate', 'f35-flatpak-updates-candidate', 'f36-flatpak-updates-candidate', 'f34-flatpak-updates-candidate']."

2 years ago

This update has been submitted for testing by humaton.

2 years ago

This update has been pushed to testing.

2 years ago
User Icon kparal provided feedback 2 years ago
karma

kparal edited this update.

2 years ago
User Icon lbrabec provided feedback 2 years ago
karma

This update has been submitted for stable by bodhi.

2 years ago

This update has been pushed to stable.

2 years ago

Please login to add feedback.

Metadata
Type
security
Severity
medium
Karma
2
Signed
Content Type
RPM
Test Gating
Settings
Unstable by Karma
-3
Stable by Karma
1
Stable by Time
14 days
Dates
submitted
2 years ago
in testing
2 years ago
in stable
2 years ago
modified
2 years ago
BZ#2093310 CVE-2022-30783 ntfs-3g-system-compression: ntfs-3g: invalid return code in fuse_kern_mount enables intercepting of libfuse-lite protocol traffic [fedora-all]
0
0
BZ#2093319 CVE-2022-30784 ntfs-3g-system-compression: ntfs-3g: crafted NTFS image can cause heap exhaustion in ntfs_get_attribute_value [fedora-all]
0
0
BZ#2093325 CVE-2022-30785 ntfs-3g-system-compression: ntfs-3g: a file handle created in fuse_lib_opendir, and later used in fuse_lib_readdir, enables arbitrary memory read and write operations [fedora-all]
0
0
BZ#2093331 CVE-2022-30786 ntfs-3g-system-compression: ntfs-3g: crafted NTFS image can cause a heap-based buffer overflow in ntfs_names_full_collate [fedora-all]
0
0
BZ#2093338 CVE-2022-30787 ntfs-3g-system-compression: ntfs-3g: integer underflow in fuse_lib_readdir enables arbitrary memory read operations [fedora-all]
0
0
BZ#2093345 CVE-2022-30788 ntfs-3g-system-compression: ntfs-3g: crafted NTFS image can cause a heap-based buffer overflow in ntfs_mft_rec_alloc [fedora-all]
0
0
BZ#2093352 CVE-2022-30789 ntfs-3g-system-compression: ntfs-3g: crafted NTFS image can cause a heap-based buffer overflow in ntfs_check_log_client_array [fedora-all]
0
0
BZ#2093361 CVE-2021-46790 ntfs-3g-system-compression: ntfs-3g: heap-based buffer overflow in ntfsck [fedora-all]
0
0

Automated Test Results