Security update for ntfs-3g_ntfsprogs SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2024:2074-1 Final 1 1 2024-06-18T15:47:36Z current 2024-06-18T15:47:36Z 2024-06-18T15:47:36Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for ntfs-3g_ntfsprogs This update for ntfs-3g_ntfsprogs fixes the following issues: - CVE-2023-52890: Fixed use-after-free in 'ntfs_uppercase_mbs' in unistr.c (bsc#1226007). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2024-2074,SUSE-SLE-SDK-12-SP5-2024-2074,SUSE-SLE-WE-12-SP5-2024-2074 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2024/suse-su-20242074-1/ Link for SUSE-SU-2024:2074-1 https://lists.suse.com/pipermail/sle-security-updates/2024-June/018748.html E-Mail link for SUSE-SU-2024:2074-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1226007 SUSE Bug 1226007 https://www.suse.com/security/cve/CVE-2023-52890/ SUSE CVE CVE-2023-52890 page SUSE Linux Enterprise Software Development Kit 12 SP5 SUSE Linux Enterprise Workstation Extension 12 SP5 libntfs-3g-devel-2022.5.17-5.20.1 libntfs-3g84-2022.5.17-5.20.1 ntfs-3g-2022.5.17-5.20.1 ntfsprogs-2022.5.17-5.20.1 libntfs-3g-devel-2022.5.17-5.20.1 as a component of SUSE Linux Enterprise Software Development Kit 12 SP5 libntfs-3g84-2022.5.17-5.20.1 as a component of SUSE Linux Enterprise Software Development Kit 12 SP5 libntfs-3g84-2022.5.17-5.20.1 as a component of SUSE Linux Enterprise Workstation Extension 12 SP5 ntfs-3g-2022.5.17-5.20.1 as a component of SUSE Linux Enterprise Workstation Extension 12 SP5 ntfsprogs-2022.5.17-5.20.1 as a component of SUSE Linux Enterprise Workstation Extension 12 SP5 NTFS-3G before 75dcdc2 has a use-after-free in ntfs_uppercase_mbs in libntfs-3g/unistr.c. NOTE: discussion suggests that exploitation would be challenging. CVE-2023-52890 SUSE Linux Enterprise Software Development Kit 12 SP5:libntfs-3g-devel-2022.5.17-5.20.1 SUSE Linux Enterprise Software Development Kit 12 SP5:libntfs-3g84-2022.5.17-5.20.1 SUSE Linux Enterprise Workstation Extension 12 SP5:libntfs-3g84-2022.5.17-5.20.1 SUSE Linux Enterprise Workstation Extension 12 SP5:ntfs-3g-2022.5.17-5.20.1 SUSE Linux Enterprise Workstation Extension 12 SP5:ntfsprogs-2022.5.17-5.20.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20242074-1/ https://www.suse.com/security/cve/CVE-2023-52890.html CVE-2023-52890 https://bugzilla.suse.com/1226007 SUSE Bug 1226007