The following Fedora EPEL 7 Security updates need testing: Age URL 1 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2022-55ddc1978f rubygem-tzinfo-1.2.10-1.el7 The following builds have been pushed to Fedora EPEL 7 updates-testing ntfs-3g-2022.5.17-1.el7 Details about builds: ================================================================================ ntfs-3g-2022.5.17-1.el7 (FEDORA-EPEL-2022-69c4ed93d1) Linux NTFS userspace driver -------------------------------------------------------------------------------- Update Information: Update to 2022.5.17. Fixes: CVE-2021-46790, CVE-2022-30783, CVE-2022-30784, CVE-2022-30785, CVE-2022-30786, CVE-2022-30787, CVE-2022-30788, CVE-2022-30789 -------------------------------------------------------------------------------- ChangeLog: * Wed Jun 8 2022 Richard W.M. Jones <rjones@xxxxxxxxxx> - 2:2022.5.17-1 - New upstream version 2022.5.17 - Fixes: CVE-2021-46790, CVE-2022-30783, CVE-2022-30784, CVE-2022-30785, CVE-2022-30786, CVE-2022-30787, CVE-2022-30788, CVE-2022-30789 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2093307 - CVE-2022-30783 ntfs-3g: invalid return code in fuse_kern_mount enables intercepting of libfuse-lite protocol traffic [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2093307 [ 2 ] Bug #2093317 - CVE-2022-30784 ntfs-3g: crafted NTFS image can cause heap exhaustion in ntfs_get_attribute_value [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2093317 [ 3 ] Bug #2093322 - CVE-2022-30785 ntfs-3g: a file handle created in fuse_lib_opendir, and later used in fuse_lib_readdir, enables arbitrary memory read and write operations [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2093322 [ 4 ] Bug #2093330 - CVE-2022-30786 ntfs-3g: crafted NTFS image can cause a heap-based buffer overflow in ntfs_names_full_collate [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2093330 [ 5 ] Bug #2093335 - CVE-2022-30787 ntfs-3g: integer underflow in fuse_lib_readdir enables arbitrary memory read operations [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2093335 [ 6 ] Bug #2093342 - CVE-2022-30788 ntfs-3g: crafted NTFS image can cause a heap-based buffer overflow in ntfs_mft_rec_alloc [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2093342 [ 7 ] Bug #2093350 - CVE-2022-30789 ntfs-3g: crafted NTFS image can cause a heap-based buffer overflow in ntfs_check_log_client_array [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2093350 [ 8 ] Bug #2093362 - CVE-2021-46790 ntfs-3g: heap-based buffer overflow in ntfsck [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2093362 -------------------------------------------------------------------------------- _______________________________________________ epel-devel mailing list -- epel-devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to epel-devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/epel-devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
