| Summary: | exfatprogs new security issue CVE-2023-45897 | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | Nicolas Salguero <nicolas.salguero> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | normal | ||
| Priority: | Normal | CC: | andrewsfarm, sysadmin-bugs |
| Version: | 9 | Keywords: | advisory, validated_update |
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | MGA9-64-OK | ||
| Source RPM: | exfatprogs-1.2.0-1.mga9.src.rpm | CVE: | CVE-2023-45897 |
| Status comment: | |||
|
Description
Nicolas Salguero
2024-05-02 09:29:44 CEST
Nicolas Salguero
2024-05-02 09:30:15 CEST
Status comment:
(none) =>
Fixed upstream in 1.2.2 and patches available from upstream Suggested advisory: ======================== The updated package fixes a security vulnerability: exfatprogs before 1.2.2 allows out-of-bounds memory access, such as in read_file_dentry_set. (CVE-2023-45897) References: https://lwn.net/Articles/971707/ ======================== Updated package in core/updates_testing: ======================== exfatprogs-1.2.0-1.1.mga9 from SRPM: exfatprogs-1.2.0-1.1.mga9.src.rpm Status:
NEW =>
ASSIGNED
katnatek
2024-05-02 19:41:17 CEST
Keywords:
(none) =>
advisory MGA9-64 Plasma. No installation issues. Bug 31055 tells me that Isodumper uses exfatprogs when formatting a usb stick to exFAT. I took a 128GB usb stick that was already formatted in NTFS, and used Isodumper to reformat it into exFAT, and added a label. After using MCC to confirm that the stick was indeed now in exFAT, and labeled, I used Dolphin to copy a video to it. VLC played the video from the stick without issues. Then I moved the file to another directory on my SSD,and "safely removed" the usb stick. This is good to go. Validating. CC:
(none) =>
andrewsfarm, sysadmin-bugs An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2024-0166.html Status:
ASSIGNED =>
RESOLVED |