openSUSE has issued an advisory on August 19: https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/M2T36ITNEMHD5DLL56EBYL7O4ORVVRLQ/ According to Debian, the fix is: https://github.com/tuxera/ntfs-3g/commit/75dcdc2cf37478fad6c0e3427403d198b554951d
Whiteboard: (none) => MGA9TOOStatus comment: (none) => Patch available from openSUSE and upstreamSource RPM: (none) => ntfs-3g-2022.10.3-1.mga9.src.rpmCVE: (none) => CVE-2023-52890
Suggested advisory: ======================== The updated packages fix a security vulnerability: NTFS-3G before 75dcdc2 has a use-after-free in ntfs_uppercase_mbs in libntfs-3g/unistr.c. (CVE-2023-52890) References: https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/M2T36ITNEMHD5DLL56EBYL7O4ORVVRLQ/ ======================== Updated packages in core/updates_testing: ======================== lib(64)ntfs-3g89-2022.10.3-1.1.mga9 lib(64)ntfs-3g-devel-2022.10.3-1.1.mga9 ntfs-3g-2022.10.3-1.1.mga9 from SRPM: ntfs-3g-2022.10.3-1.1.mga9.src.rpm
Whiteboard: MGA9TOO => (none)Status: NEW => ASSIGNEDAssignee: bugsquad => qa-bugsVersion: Cauldron => 9Status comment: Patch available from openSUSE and upstream => (none)
Keywords: (none) => advisory
RH x86_64 LC_ALL=C urpmi --auto --auto-update adding 66 new rpms not available in existing hdlist replacing /var/cache/urpmi/partial/synthesis.hdlist.cz with synthesis.hdlist.cz.tmp updating /var/cache/urpmi/partial/MD5SUM updated medium "QA Testing (32-bit)" medium "QA Testing (64-bit)" is up-to-date medium "Core Release (distrib1)" is up-to-date medium "Core Updates (distrib3)" is up-to-date medium "Nonfree Release (distrib11)" is up-to-date medium "Nonfree Updates (distrib13)" is up-to-date medium "Tainted Release (distrib21)" is up-to-date medium "Tainted Updates (distrib23)" is up-to-date medium "Core 32bit Release (distrib31)" is up-to-date medium "Core 32bit Updates (distrib32)" is up-to-date medium "Nonfree 32bit Release (distrib36)" is up-to-date medium "Tainted 32bit Release (distrib41)" is up-to-date medium "Tainted 32bit Updates (distrib42)" is up-to-date installing lib64ntfs-3g89-2022.10.3-1.1.mga9.x86_64.rpm ntfs-3g-2022.10.3-1.1.mga9.x86_64.rpm from //home/katnatek/qa-testing/x86_64 Preparing... ################################################################################################## 1/2: lib64ntfs-3g89 ################################################################################################## 2/2: ntfs-3g ################################################################################################## 1/2: removing ntfs-3g-2022.10.3-1.mga9.x86_64 ################################################################################################## 2/2: removing lib64ntfs-3g89-2022.10.3-1.mga9.x86_64 ################################################################################################## Reboot I have a disk with NTFS I can copy and delete files ps xva | grep ntfs 703 ? Ss 0:00 2 0 12536 2272 0.0 /sbin/mount.ntfs-3g /dev/sda2 /mnt/windows -o rw,umask=000
Whiteboard: (none) => MGA9-64-OKCC: (none) => andrewsfarm
Validating
Keywords: (none) => validated_updateCC: (none) => sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2024-0284.html
Resolution: (none) => FIXEDStatus: ASSIGNED => RESOLVED