RedHat has issued an advisory on April 30: https://lwn.net/Articles/971707/ Version 1.2.2 solves the problem or the following patches: https://github.com/exfatprogs/exfatprogs/commit/ec78688e5fb5a70e13df82b4c0da1e6228d3ccdf https://github.com/exfatprogs/exfatprogs/commit/22d0e43e8d24119cbfc6efafabb0dec6517a86c4 https://github.com/exfatprogs/exfatprogs/commit/4abc55e976573991e6a1117bb2b3711e59da07ae
Status comment: (none) => Fixed upstream in 1.2.2 and patches available from upstreamSource RPM: (none) => exfatprogs-1.2.0-1.mga9.src.rpmCVE: (none) => CVE-2023-45897
Suggested advisory: ======================== The updated package fixes a security vulnerability: exfatprogs before 1.2.2 allows out-of-bounds memory access, such as in read_file_dentry_set. (CVE-2023-45897) References: https://lwn.net/Articles/971707/ ======================== Updated package in core/updates_testing: ======================== exfatprogs-1.2.0-1.1.mga9 from SRPM: exfatprogs-1.2.0-1.1.mga9.src.rpm
Status: NEW => ASSIGNEDAssignee: bugsquad => qa-bugsStatus comment: Fixed upstream in 1.2.2 and patches available from upstream => (none)
Keywords: (none) => advisory
MGA9-64 Plasma. No installation issues. Bug 31055 tells me that Isodumper uses exfatprogs when formatting a usb stick to exFAT. I took a 128GB usb stick that was already formatted in NTFS, and used Isodumper to reformat it into exFAT, and added a label. After using MCC to confirm that the stick was indeed now in exFAT, and labeled, I used Dolphin to copy a video to it. VLC played the video from the stick without issues. Then I moved the file to another directory on my SSD,and "safely removed" the usb stick. This is good to go. Validating.
CC: (none) => andrewsfarm, sysadmin-bugsWhiteboard: (none) => MGA9-64-OKKeywords: (none) => validated_update
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2024-0166.html
Status: ASSIGNED => RESOLVEDResolution: (none) => FIXED