Security update for ntfs-3g_ntfsprogs SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2022:2835-1 Final 1 1 2022-08-17T14:52:41Z current 2022-08-17T14:52:41Z 2022-08-17T14:52:41Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for ntfs-3g_ntfsprogs This update for ntfs-3g_ntfsprogs fixes the following issues: Updated to version 2022.5.17 (bsc#1199978): - CVE-2022-30783: Fixed an issue where messages between NTFS-3G and the kernel could be intercepted when using libfuse-lite. - CVE-2022-30784: Fixed a memory exhaustion issue when opening a crafted NTFS image. - CVE-2022-30785: Fixed a bug where arbitrary memory read and write operations could be achieved whe using libfuse-lite. - CVE-2022-30786: Fixed a memory corruption issue when opening a crafted NTFS image. - CVE-2022-30787: Fixed an integer underflow which enabled arbitrary memory read operations when using libfuse-lite. - CVE-2022-30788: Fixed a memory corruption issue when opening a crafted NTFS image. - CVE-2022-30789: Fixed a memory corruption issue when opening a crafted NTFS image. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Container suse/sles/15.6/libguestfs-tools:1.1.1-2022-2835,Container suse/sles/15.7/libguestfs-tools:1.5.0-2022-2835,SUSE-2022-2835,SUSE-SLE-Product-WE-15-SP3-2022-2835,SUSE-SLE-Product-WE-15-SP4-2022-2835,openSUSE-SLE-15.3-2022-2835,openSUSE-SLE-15.4-2022-2835 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2022/suse-su-20222835-1/ Link for SUSE-SU-2022:2835-1 https://lists.suse.com/pipermail/sle-security-updates/2022-August/011933.html E-Mail link for SUSE-SU-2022:2835-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1199978 SUSE Bug 1199978 https://www.suse.com/security/cve/CVE-2021-46790/ SUSE CVE CVE-2021-46790 page https://www.suse.com/security/cve/CVE-2022-30783/ SUSE CVE CVE-2022-30783 page https://www.suse.com/security/cve/CVE-2022-30784/ SUSE CVE CVE-2022-30784 page https://www.suse.com/security/cve/CVE-2022-30785/ SUSE CVE CVE-2022-30785 page https://www.suse.com/security/cve/CVE-2022-30786/ SUSE CVE CVE-2022-30786 page https://www.suse.com/security/cve/CVE-2022-30787/ SUSE CVE CVE-2022-30787 page https://www.suse.com/security/cve/CVE-2022-30788/ SUSE CVE CVE-2022-30788 page https://www.suse.com/security/cve/CVE-2022-30789/ SUSE CVE CVE-2022-30789 page Container suse/sles/15.6/libguestfs-tools:1.1.1 Container suse/sles/15.7/libguestfs-tools:1.5.0 SUSE Linux Enterprise Workstation Extension 15 SP3 SUSE Linux Enterprise Workstation Extension 15 SP4 openSUSE Leap 15.3 openSUSE Leap 15.4 libntfs-3g87-2022.5.17-150000.3.11.1 ntfs-3g-2022.5.17-150000.3.11.1 ntfsprogs-2022.5.17-150000.3.11.1 libntfs-3g-devel-2022.5.17-150000.3.11.1 ntfsprogs-extra-2022.5.17-150000.3.11.1 libntfs-3g87-2022.5.17-150000.3.11.1 as a component of Container suse/sles/15.6/libguestfs-tools:1.1.1 ntfs-3g-2022.5.17-150000.3.11.1 as a component of Container suse/sles/15.6/libguestfs-tools:1.1.1 ntfsprogs-2022.5.17-150000.3.11.1 as a component of Container suse/sles/15.6/libguestfs-tools:1.1.1 libntfs-3g87-2022.5.17-150000.3.11.1 as a component of Container suse/sles/15.7/libguestfs-tools:1.5.0 ntfs-3g-2022.5.17-150000.3.11.1 as a component of Container suse/sles/15.7/libguestfs-tools:1.5.0 ntfsprogs-2022.5.17-150000.3.11.1 as a component of Container suse/sles/15.7/libguestfs-tools:1.5.0 libntfs-3g-devel-2022.5.17-150000.3.11.1 as a component of SUSE Linux Enterprise Workstation Extension 15 SP3 libntfs-3g87-2022.5.17-150000.3.11.1 as a component of SUSE Linux Enterprise Workstation Extension 15 SP3 ntfs-3g-2022.5.17-150000.3.11.1 as a component of SUSE Linux Enterprise Workstation Extension 15 SP3 ntfsprogs-2022.5.17-150000.3.11.1 as a component of SUSE Linux Enterprise Workstation Extension 15 SP3 libntfs-3g-devel-2022.5.17-150000.3.11.1 as a component of SUSE Linux Enterprise Workstation Extension 15 SP4 libntfs-3g87-2022.5.17-150000.3.11.1 as a component of SUSE Linux Enterprise Workstation Extension 15 SP4 ntfs-3g-2022.5.17-150000.3.11.1 as a component of SUSE Linux Enterprise Workstation Extension 15 SP4 ntfsprogs-2022.5.17-150000.3.11.1 as a component of SUSE Linux Enterprise Workstation Extension 15 SP4 libntfs-3g-devel-2022.5.17-150000.3.11.1 as a component of openSUSE Leap 15.3 libntfs-3g87-2022.5.17-150000.3.11.1 as a component of openSUSE Leap 15.3 ntfs-3g-2022.5.17-150000.3.11.1 as a component of openSUSE Leap 15.3 ntfsprogs-2022.5.17-150000.3.11.1 as a component of openSUSE Leap 15.3 ntfsprogs-extra-2022.5.17-150000.3.11.1 as a component of openSUSE Leap 15.3 libntfs-3g-devel-2022.5.17-150000.3.11.1 as a component of openSUSE Leap 15.4 libntfs-3g87-2022.5.17-150000.3.11.1 as a component of openSUSE Leap 15.4 ntfs-3g-2022.5.17-150000.3.11.1 as a component of openSUSE Leap 15.4 ntfsprogs-2022.5.17-150000.3.11.1 as a component of openSUSE Leap 15.4 ntfsprogs-extra-2022.5.17-150000.3.11.1 as a component of openSUSE Leap 15.4 ntfsck in NTFS-3G through 2021.8.22 has a heap-based buffer overflow involving buffer+512*3-2. NOTE: the upstream position is that ntfsck is deprecated; however, it is shipped by some Linux distributions. CVE-2021-46790 Container suse/sles/15.6/libguestfs-tools:1.1.1:libntfs-3g87-2022.5.17-150000.3.11.1 Container suse/sles/15.6/libguestfs-tools:1.1.1:ntfs-3g-2022.5.17-150000.3.11.1 Container suse/sles/15.6/libguestfs-tools:1.1.1:ntfsprogs-2022.5.17-150000.3.11.1 Container suse/sles/15.7/libguestfs-tools:1.5.0:libntfs-3g87-2022.5.17-150000.3.11.1 Container suse/sles/15.7/libguestfs-tools:1.5.0:ntfs-3g-2022.5.17-150000.3.11.1 Container suse/sles/15.7/libguestfs-tools:1.5.0:ntfsprogs-2022.5.17-150000.3.11.1 SUSE Linux Enterprise Workstation Extension 15 SP3:libntfs-3g-devel-2022.5.17-150000.3.11.1 SUSE Linux Enterprise Workstation Extension 15 SP3:libntfs-3g87-2022.5.17-150000.3.11.1 SUSE Linux Enterprise Workstation Extension 15 SP3:ntfs-3g-2022.5.17-150000.3.11.1 SUSE Linux Enterprise Workstation Extension 15 SP3:ntfsprogs-2022.5.17-150000.3.11.1 SUSE Linux Enterprise Workstation Extension 15 SP4:libntfs-3g-devel-2022.5.17-150000.3.11.1 SUSE Linux Enterprise Workstation Extension 15 SP4:libntfs-3g87-2022.5.17-150000.3.11.1 SUSE Linux Enterprise Workstation Extension 15 SP4:ntfs-3g-2022.5.17-150000.3.11.1 SUSE Linux Enterprise Workstation Extension 15 SP4:ntfsprogs-2022.5.17-150000.3.11.1 openSUSE Leap 15.3:libntfs-3g-devel-2022.5.17-150000.3.11.1 openSUSE Leap 15.3:libntfs-3g87-2022.5.17-150000.3.11.1 openSUSE Leap 15.3:ntfs-3g-2022.5.17-150000.3.11.1 openSUSE Leap 15.3:ntfsprogs-2022.5.17-150000.3.11.1 openSUSE Leap 15.3:ntfsprogs-extra-2022.5.17-150000.3.11.1 openSUSE Leap 15.4:libntfs-3g-devel-2022.5.17-150000.3.11.1 openSUSE Leap 15.4:libntfs-3g87-2022.5.17-150000.3.11.1 openSUSE Leap 15.4:ntfs-3g-2022.5.17-150000.3.11.1 openSUSE Leap 15.4:ntfsprogs-2022.5.17-150000.3.11.1 openSUSE Leap 15.4:ntfsprogs-extra-2022.5.17-150000.3.11.1 important 4.6 AV:L/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2022/suse-su-20222835-1/ https://www.suse.com/security/cve/CVE-2021-46790.html CVE-2021-46790 https://bugzilla.suse.com/1199139 SUSE Bug 1199139 An invalid return code in fuse_kern_mount enables intercepting of libfuse-lite protocol traffic between NTFS-3G and the kernel in NTFS-3G through 2021.8.22 when using libfuse-lite. CVE-2022-30783 Container suse/sles/15.6/libguestfs-tools:1.1.1:libntfs-3g87-2022.5.17-150000.3.11.1 Container suse/sles/15.6/libguestfs-tools:1.1.1:ntfs-3g-2022.5.17-150000.3.11.1 Container suse/sles/15.6/libguestfs-tools:1.1.1:ntfsprogs-2022.5.17-150000.3.11.1 Container suse/sles/15.7/libguestfs-tools:1.5.0:libntfs-3g87-2022.5.17-150000.3.11.1 Container suse/sles/15.7/libguestfs-tools:1.5.0:ntfs-3g-2022.5.17-150000.3.11.1 Container suse/sles/15.7/libguestfs-tools:1.5.0:ntfsprogs-2022.5.17-150000.3.11.1 SUSE Linux Enterprise Workstation Extension 15 SP3:libntfs-3g-devel-2022.5.17-150000.3.11.1 SUSE Linux Enterprise Workstation Extension 15 SP3:libntfs-3g87-2022.5.17-150000.3.11.1 SUSE Linux Enterprise Workstation Extension 15 SP3:ntfs-3g-2022.5.17-150000.3.11.1 SUSE Linux Enterprise Workstation Extension 15 SP3:ntfsprogs-2022.5.17-150000.3.11.1 SUSE Linux Enterprise Workstation Extension 15 SP4:libntfs-3g-devel-2022.5.17-150000.3.11.1 SUSE Linux Enterprise Workstation Extension 15 SP4:libntfs-3g87-2022.5.17-150000.3.11.1 SUSE Linux Enterprise Workstation Extension 15 SP4:ntfs-3g-2022.5.17-150000.3.11.1 SUSE Linux Enterprise Workstation Extension 15 SP4:ntfsprogs-2022.5.17-150000.3.11.1 openSUSE Leap 15.3:libntfs-3g-devel-2022.5.17-150000.3.11.1 openSUSE Leap 15.3:libntfs-3g87-2022.5.17-150000.3.11.1 openSUSE Leap 15.3:ntfs-3g-2022.5.17-150000.3.11.1 openSUSE Leap 15.3:ntfsprogs-2022.5.17-150000.3.11.1 openSUSE Leap 15.3:ntfsprogs-extra-2022.5.17-150000.3.11.1 openSUSE Leap 15.4:libntfs-3g-devel-2022.5.17-150000.3.11.1 openSUSE Leap 15.4:libntfs-3g87-2022.5.17-150000.3.11.1 openSUSE Leap 15.4:ntfs-3g-2022.5.17-150000.3.11.1 openSUSE Leap 15.4:ntfsprogs-2022.5.17-150000.3.11.1 openSUSE Leap 15.4:ntfsprogs-extra-2022.5.17-150000.3.11.1 important 4.6 AV:L/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2022/suse-su-20222835-1/ https://www.suse.com/security/cve/CVE-2022-30783.html CVE-2022-30783 https://bugzilla.suse.com/1199978 SUSE Bug 1199978 A crafted NTFS image can cause heap exhaustion in ntfs_get_attribute_value in NTFS-3G through 2021.8.22. CVE-2022-30784 Container suse/sles/15.6/libguestfs-tools:1.1.1:libntfs-3g87-2022.5.17-150000.3.11.1 Container suse/sles/15.6/libguestfs-tools:1.1.1:ntfs-3g-2022.5.17-150000.3.11.1 Container suse/sles/15.6/libguestfs-tools:1.1.1:ntfsprogs-2022.5.17-150000.3.11.1 Container suse/sles/15.7/libguestfs-tools:1.5.0:libntfs-3g87-2022.5.17-150000.3.11.1 Container suse/sles/15.7/libguestfs-tools:1.5.0:ntfs-3g-2022.5.17-150000.3.11.1 Container suse/sles/15.7/libguestfs-tools:1.5.0:ntfsprogs-2022.5.17-150000.3.11.1 SUSE Linux Enterprise Workstation Extension 15 SP3:libntfs-3g-devel-2022.5.17-150000.3.11.1 SUSE Linux Enterprise Workstation Extension 15 SP3:libntfs-3g87-2022.5.17-150000.3.11.1 SUSE Linux Enterprise Workstation Extension 15 SP3:ntfs-3g-2022.5.17-150000.3.11.1 SUSE Linux Enterprise Workstation Extension 15 SP3:ntfsprogs-2022.5.17-150000.3.11.1 SUSE Linux Enterprise Workstation Extension 15 SP4:libntfs-3g-devel-2022.5.17-150000.3.11.1 SUSE Linux Enterprise Workstation Extension 15 SP4:libntfs-3g87-2022.5.17-150000.3.11.1 SUSE Linux Enterprise Workstation Extension 15 SP4:ntfs-3g-2022.5.17-150000.3.11.1 SUSE Linux Enterprise Workstation Extension 15 SP4:ntfsprogs-2022.5.17-150000.3.11.1 openSUSE Leap 15.3:libntfs-3g-devel-2022.5.17-150000.3.11.1 openSUSE Leap 15.3:libntfs-3g87-2022.5.17-150000.3.11.1 openSUSE Leap 15.3:ntfs-3g-2022.5.17-150000.3.11.1 openSUSE Leap 15.3:ntfsprogs-2022.5.17-150000.3.11.1 openSUSE Leap 15.3:ntfsprogs-extra-2022.5.17-150000.3.11.1 openSUSE Leap 15.4:libntfs-3g-devel-2022.5.17-150000.3.11.1 openSUSE Leap 15.4:libntfs-3g87-2022.5.17-150000.3.11.1 openSUSE Leap 15.4:ntfs-3g-2022.5.17-150000.3.11.1 openSUSE Leap 15.4:ntfsprogs-2022.5.17-150000.3.11.1 openSUSE Leap 15.4:ntfsprogs-extra-2022.5.17-150000.3.11.1 important 4.6 AV:L/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2022/suse-su-20222835-1/ https://www.suse.com/security/cve/CVE-2022-30784.html CVE-2022-30784 https://bugzilla.suse.com/1199978 SUSE Bug 1199978 A file handle created in fuse_lib_opendir, and later used in fuse_lib_readdir, enables arbitrary memory read and write operations in NTFS-3G through 2021.8.22 when using libfuse-lite. CVE-2022-30785 Container suse/sles/15.6/libguestfs-tools:1.1.1:libntfs-3g87-2022.5.17-150000.3.11.1 Container suse/sles/15.6/libguestfs-tools:1.1.1:ntfs-3g-2022.5.17-150000.3.11.1 Container suse/sles/15.6/libguestfs-tools:1.1.1:ntfsprogs-2022.5.17-150000.3.11.1 Container suse/sles/15.7/libguestfs-tools:1.5.0:libntfs-3g87-2022.5.17-150000.3.11.1 Container suse/sles/15.7/libguestfs-tools:1.5.0:ntfs-3g-2022.5.17-150000.3.11.1 Container suse/sles/15.7/libguestfs-tools:1.5.0:ntfsprogs-2022.5.17-150000.3.11.1 SUSE Linux Enterprise Workstation Extension 15 SP3:libntfs-3g-devel-2022.5.17-150000.3.11.1 SUSE Linux Enterprise Workstation Extension 15 SP3:libntfs-3g87-2022.5.17-150000.3.11.1 SUSE Linux Enterprise Workstation Extension 15 SP3:ntfs-3g-2022.5.17-150000.3.11.1 SUSE Linux Enterprise Workstation Extension 15 SP3:ntfsprogs-2022.5.17-150000.3.11.1 SUSE Linux Enterprise Workstation Extension 15 SP4:libntfs-3g-devel-2022.5.17-150000.3.11.1 SUSE Linux Enterprise Workstation Extension 15 SP4:libntfs-3g87-2022.5.17-150000.3.11.1 SUSE Linux Enterprise Workstation Extension 15 SP4:ntfs-3g-2022.5.17-150000.3.11.1 SUSE Linux Enterprise Workstation Extension 15 SP4:ntfsprogs-2022.5.17-150000.3.11.1 openSUSE Leap 15.3:libntfs-3g-devel-2022.5.17-150000.3.11.1 openSUSE Leap 15.3:libntfs-3g87-2022.5.17-150000.3.11.1 openSUSE Leap 15.3:ntfs-3g-2022.5.17-150000.3.11.1 openSUSE Leap 15.3:ntfsprogs-2022.5.17-150000.3.11.1 openSUSE Leap 15.3:ntfsprogs-extra-2022.5.17-150000.3.11.1 openSUSE Leap 15.4:libntfs-3g-devel-2022.5.17-150000.3.11.1 openSUSE Leap 15.4:libntfs-3g87-2022.5.17-150000.3.11.1 openSUSE Leap 15.4:ntfs-3g-2022.5.17-150000.3.11.1 openSUSE Leap 15.4:ntfsprogs-2022.5.17-150000.3.11.1 openSUSE Leap 15.4:ntfsprogs-extra-2022.5.17-150000.3.11.1 important 7.2 AV:L/AC:L/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2022/suse-su-20222835-1/ https://www.suse.com/security/cve/CVE-2022-30785.html CVE-2022-30785 https://bugzilla.suse.com/1199978 SUSE Bug 1199978 A crafted NTFS image can cause a heap-based buffer overflow in ntfs_names_full_collate in NTFS-3G through 2021.8.22. CVE-2022-30786 Container suse/sles/15.6/libguestfs-tools:1.1.1:libntfs-3g87-2022.5.17-150000.3.11.1 Container suse/sles/15.6/libguestfs-tools:1.1.1:ntfs-3g-2022.5.17-150000.3.11.1 Container suse/sles/15.6/libguestfs-tools:1.1.1:ntfsprogs-2022.5.17-150000.3.11.1 Container suse/sles/15.7/libguestfs-tools:1.5.0:libntfs-3g87-2022.5.17-150000.3.11.1 Container suse/sles/15.7/libguestfs-tools:1.5.0:ntfs-3g-2022.5.17-150000.3.11.1 Container suse/sles/15.7/libguestfs-tools:1.5.0:ntfsprogs-2022.5.17-150000.3.11.1 SUSE Linux Enterprise Workstation Extension 15 SP3:libntfs-3g-devel-2022.5.17-150000.3.11.1 SUSE Linux Enterprise Workstation Extension 15 SP3:libntfs-3g87-2022.5.17-150000.3.11.1 SUSE Linux Enterprise Workstation Extension 15 SP3:ntfs-3g-2022.5.17-150000.3.11.1 SUSE Linux Enterprise Workstation Extension 15 SP3:ntfsprogs-2022.5.17-150000.3.11.1 SUSE Linux Enterprise Workstation Extension 15 SP4:libntfs-3g-devel-2022.5.17-150000.3.11.1 SUSE Linux Enterprise Workstation Extension 15 SP4:libntfs-3g87-2022.5.17-150000.3.11.1 SUSE Linux Enterprise Workstation Extension 15 SP4:ntfs-3g-2022.5.17-150000.3.11.1 SUSE Linux Enterprise Workstation Extension 15 SP4:ntfsprogs-2022.5.17-150000.3.11.1 openSUSE Leap 15.3:libntfs-3g-devel-2022.5.17-150000.3.11.1 openSUSE Leap 15.3:libntfs-3g87-2022.5.17-150000.3.11.1 openSUSE Leap 15.3:ntfs-3g-2022.5.17-150000.3.11.1 openSUSE Leap 15.3:ntfsprogs-2022.5.17-150000.3.11.1 openSUSE Leap 15.3:ntfsprogs-extra-2022.5.17-150000.3.11.1 openSUSE Leap 15.4:libntfs-3g-devel-2022.5.17-150000.3.11.1 openSUSE Leap 15.4:libntfs-3g87-2022.5.17-150000.3.11.1 openSUSE Leap 15.4:ntfs-3g-2022.5.17-150000.3.11.1 openSUSE Leap 15.4:ntfsprogs-2022.5.17-150000.3.11.1 openSUSE Leap 15.4:ntfsprogs-extra-2022.5.17-150000.3.11.1 important 4.6 AV:L/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2022/suse-su-20222835-1/ https://www.suse.com/security/cve/CVE-2022-30786.html CVE-2022-30786 https://bugzilla.suse.com/1199978 SUSE Bug 1199978 An integer underflow in fuse_lib_readdir enables arbitrary memory read operations in NTFS-3G through 2021.8.22 when using libfuse-lite. CVE-2022-30787 Container suse/sles/15.6/libguestfs-tools:1.1.1:libntfs-3g87-2022.5.17-150000.3.11.1 Container suse/sles/15.6/libguestfs-tools:1.1.1:ntfs-3g-2022.5.17-150000.3.11.1 Container suse/sles/15.6/libguestfs-tools:1.1.1:ntfsprogs-2022.5.17-150000.3.11.1 Container suse/sles/15.7/libguestfs-tools:1.5.0:libntfs-3g87-2022.5.17-150000.3.11.1 Container suse/sles/15.7/libguestfs-tools:1.5.0:ntfs-3g-2022.5.17-150000.3.11.1 Container suse/sles/15.7/libguestfs-tools:1.5.0:ntfsprogs-2022.5.17-150000.3.11.1 SUSE Linux Enterprise Workstation Extension 15 SP3:libntfs-3g-devel-2022.5.17-150000.3.11.1 SUSE Linux Enterprise Workstation Extension 15 SP3:libntfs-3g87-2022.5.17-150000.3.11.1 SUSE Linux Enterprise Workstation Extension 15 SP3:ntfs-3g-2022.5.17-150000.3.11.1 SUSE Linux Enterprise Workstation Extension 15 SP3:ntfsprogs-2022.5.17-150000.3.11.1 SUSE Linux Enterprise Workstation Extension 15 SP4:libntfs-3g-devel-2022.5.17-150000.3.11.1 SUSE Linux Enterprise Workstation Extension 15 SP4:libntfs-3g87-2022.5.17-150000.3.11.1 SUSE Linux Enterprise Workstation Extension 15 SP4:ntfs-3g-2022.5.17-150000.3.11.1 SUSE Linux Enterprise Workstation Extension 15 SP4:ntfsprogs-2022.5.17-150000.3.11.1 openSUSE Leap 15.3:libntfs-3g-devel-2022.5.17-150000.3.11.1 openSUSE Leap 15.3:libntfs-3g87-2022.5.17-150000.3.11.1 openSUSE Leap 15.3:ntfs-3g-2022.5.17-150000.3.11.1 openSUSE Leap 15.3:ntfsprogs-2022.5.17-150000.3.11.1 openSUSE Leap 15.3:ntfsprogs-extra-2022.5.17-150000.3.11.1 openSUSE Leap 15.4:libntfs-3g-devel-2022.5.17-150000.3.11.1 openSUSE Leap 15.4:libntfs-3g87-2022.5.17-150000.3.11.1 openSUSE Leap 15.4:ntfs-3g-2022.5.17-150000.3.11.1 openSUSE Leap 15.4:ntfsprogs-2022.5.17-150000.3.11.1 openSUSE Leap 15.4:ntfsprogs-extra-2022.5.17-150000.3.11.1 important 4.6 AV:L/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2022/suse-su-20222835-1/ https://www.suse.com/security/cve/CVE-2022-30787.html CVE-2022-30787 https://bugzilla.suse.com/1199978 SUSE Bug 1199978 A crafted NTFS image can cause a heap-based buffer overflow in ntfs_mft_rec_alloc in NTFS-3G through 2021.8.22. CVE-2022-30788 Container suse/sles/15.6/libguestfs-tools:1.1.1:libntfs-3g87-2022.5.17-150000.3.11.1 Container suse/sles/15.6/libguestfs-tools:1.1.1:ntfs-3g-2022.5.17-150000.3.11.1 Container suse/sles/15.6/libguestfs-tools:1.1.1:ntfsprogs-2022.5.17-150000.3.11.1 Container suse/sles/15.7/libguestfs-tools:1.5.0:libntfs-3g87-2022.5.17-150000.3.11.1 Container suse/sles/15.7/libguestfs-tools:1.5.0:ntfs-3g-2022.5.17-150000.3.11.1 Container suse/sles/15.7/libguestfs-tools:1.5.0:ntfsprogs-2022.5.17-150000.3.11.1 SUSE Linux Enterprise Workstation Extension 15 SP3:libntfs-3g-devel-2022.5.17-150000.3.11.1 SUSE Linux Enterprise Workstation Extension 15 SP3:libntfs-3g87-2022.5.17-150000.3.11.1 SUSE Linux Enterprise Workstation Extension 15 SP3:ntfs-3g-2022.5.17-150000.3.11.1 SUSE Linux Enterprise Workstation Extension 15 SP3:ntfsprogs-2022.5.17-150000.3.11.1 SUSE Linux Enterprise Workstation Extension 15 SP4:libntfs-3g-devel-2022.5.17-150000.3.11.1 SUSE Linux Enterprise Workstation Extension 15 SP4:libntfs-3g87-2022.5.17-150000.3.11.1 SUSE Linux Enterprise Workstation Extension 15 SP4:ntfs-3g-2022.5.17-150000.3.11.1 SUSE Linux Enterprise Workstation Extension 15 SP4:ntfsprogs-2022.5.17-150000.3.11.1 openSUSE Leap 15.3:libntfs-3g-devel-2022.5.17-150000.3.11.1 openSUSE Leap 15.3:libntfs-3g87-2022.5.17-150000.3.11.1 openSUSE Leap 15.3:ntfs-3g-2022.5.17-150000.3.11.1 openSUSE Leap 15.3:ntfsprogs-2022.5.17-150000.3.11.1 openSUSE Leap 15.3:ntfsprogs-extra-2022.5.17-150000.3.11.1 openSUSE Leap 15.4:libntfs-3g-devel-2022.5.17-150000.3.11.1 openSUSE Leap 15.4:libntfs-3g87-2022.5.17-150000.3.11.1 openSUSE Leap 15.4:ntfs-3g-2022.5.17-150000.3.11.1 openSUSE Leap 15.4:ntfsprogs-2022.5.17-150000.3.11.1 openSUSE Leap 15.4:ntfsprogs-extra-2022.5.17-150000.3.11.1 important 4.6 AV:L/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2022/suse-su-20222835-1/ https://www.suse.com/security/cve/CVE-2022-30788.html CVE-2022-30788 https://bugzilla.suse.com/1199978 SUSE Bug 1199978 A crafted NTFS image can cause a heap-based buffer overflow in ntfs_check_log_client_array in NTFS-3G through 2021.8.22. CVE-2022-30789 Container suse/sles/15.6/libguestfs-tools:1.1.1:libntfs-3g87-2022.5.17-150000.3.11.1 Container suse/sles/15.6/libguestfs-tools:1.1.1:ntfs-3g-2022.5.17-150000.3.11.1 Container suse/sles/15.6/libguestfs-tools:1.1.1:ntfsprogs-2022.5.17-150000.3.11.1 Container suse/sles/15.7/libguestfs-tools:1.5.0:libntfs-3g87-2022.5.17-150000.3.11.1 Container suse/sles/15.7/libguestfs-tools:1.5.0:ntfs-3g-2022.5.17-150000.3.11.1 Container suse/sles/15.7/libguestfs-tools:1.5.0:ntfsprogs-2022.5.17-150000.3.11.1 SUSE Linux Enterprise Workstation Extension 15 SP3:libntfs-3g-devel-2022.5.17-150000.3.11.1 SUSE Linux Enterprise Workstation Extension 15 SP3:libntfs-3g87-2022.5.17-150000.3.11.1 SUSE Linux Enterprise Workstation Extension 15 SP3:ntfs-3g-2022.5.17-150000.3.11.1 SUSE Linux Enterprise Workstation Extension 15 SP3:ntfsprogs-2022.5.17-150000.3.11.1 SUSE Linux Enterprise Workstation Extension 15 SP4:libntfs-3g-devel-2022.5.17-150000.3.11.1 SUSE Linux Enterprise Workstation Extension 15 SP4:libntfs-3g87-2022.5.17-150000.3.11.1 SUSE Linux Enterprise Workstation Extension 15 SP4:ntfs-3g-2022.5.17-150000.3.11.1 SUSE Linux Enterprise Workstation Extension 15 SP4:ntfsprogs-2022.5.17-150000.3.11.1 openSUSE Leap 15.3:libntfs-3g-devel-2022.5.17-150000.3.11.1 openSUSE Leap 15.3:libntfs-3g87-2022.5.17-150000.3.11.1 openSUSE Leap 15.3:ntfs-3g-2022.5.17-150000.3.11.1 openSUSE Leap 15.3:ntfsprogs-2022.5.17-150000.3.11.1 openSUSE Leap 15.3:ntfsprogs-extra-2022.5.17-150000.3.11.1 openSUSE Leap 15.4:libntfs-3g-devel-2022.5.17-150000.3.11.1 openSUSE Leap 15.4:libntfs-3g87-2022.5.17-150000.3.11.1 openSUSE Leap 15.4:ntfs-3g-2022.5.17-150000.3.11.1 openSUSE Leap 15.4:ntfsprogs-2022.5.17-150000.3.11.1 openSUSE Leap 15.4:ntfsprogs-extra-2022.5.17-150000.3.11.1 important 4.6 AV:L/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2022/suse-su-20222835-1/ https://www.suse.com/security/cve/CVE-2022-30789.html CVE-2022-30789 https://bugzilla.suse.com/1199978 SUSE Bug 1199978