https://bugzilla.redhat.com/show_bug.cgi?id=2093333
Bug ID: 2093333
Summary: CVE-2022-30787 ntfs-3g: integer underflow in
fuse_lib_readdir enables arbitrary memory read
operations
Product: Security Response
Hardware: All
OS: Linux
Status: NEW
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team(a)redhat.com
Reporter: gsuckevi(a)redhat.com
CC: ddepaula(a)redhat.com,
epel-packagers-sig(a)lists.fedoraproject.org,
jferlan(a)redhat.com, kparal(a)redhat.com,
ngompa13(a)gmail.com, rjones(a)redhat.com,
spotrh(a)gmail.com, virt-maint(a)redhat.com
Target Milestone: ---
Classification: Other
An integer underflow in fuse_lib_readdir enables arbitrary memory read
operations in NTFS-3G through 2021.8.22 when using libfuse-lite.
References:
https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-6mv4-4v73-xw58https://github.com/tuxera/ntfs-3g/releases
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2093333
https://bugzilla.redhat.com/show_bug.cgi?id=2093320
Bug ID: 2093320
Summary: CVE-2022-30785 ntfs-3g: a file handle created in
fuse_lib_opendir, and later used in fuse_lib_readdir,
enables arbitrary memory read and write operations
Product: Security Response
Hardware: All
OS: Linux
Status: NEW
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team(a)redhat.com
Reporter: gsuckevi(a)redhat.com
CC: ddepaula(a)redhat.com,
epel-packagers-sig(a)lists.fedoraproject.org,
jferlan(a)redhat.com, kparal(a)redhat.com,
ngompa13(a)gmail.com, rjones(a)redhat.com,
spotrh(a)gmail.com, virt-maint(a)redhat.com
Target Milestone: ---
Classification: Other
A file handle created in fuse_lib_opendir, and later used in fuse_lib_readdir,
enables arbitrary memory read and write operations in NTFS-3G through 2021.8.22
when using libfuse-lite.
References:
https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-6mv4-4v73-xw58https://github.com/tuxera/ntfs-3g/releases
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2093320
https://bugzilla.redhat.com/show_bug.cgi?id=2093305
Bug ID: 2093305
Summary: CVE-2022-30783 ntfs-3g: invalid return code in
fuse_kern_mount enables intercepting of libfuse-lite
protocol traffic
Product: Security Response
Hardware: All
OS: Linux
Status: NEW
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team(a)redhat.com
Reporter: gsuckevi(a)redhat.com
CC: ddepaula(a)redhat.com,
epel-packagers-sig(a)lists.fedoraproject.org,
jferlan(a)redhat.com, kparal(a)redhat.com,
ngompa13(a)gmail.com, rjones(a)redhat.com,
spotrh(a)gmail.com, virt-maint(a)redhat.com
Target Milestone: ---
Classification: Other
An invalid return code in fuse_kern_mount enables intercepting of libfuse-lite
protocol traffic between NTFS-3G and the kernel in NTFS-3G through 2021.8.22
when using libfuse-lite.
References:
https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-6mv4-4v73-xw58https://github.com/tuxera/ntfs-3g/releases
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2093305
https://bugzilla.redhat.com/show_bug.cgi?id=2127039
Bug ID: 2127039
Summary: Please branch and build python3-pygraphviz in epel9
Product: Fedora EPEL
Version: epel9
Status: NEW
Component: python-pygraphviz
Assignee: zbyszek(a)in.waw.pl
Reporter: romain.geissler(a)amadeus.com
QA Contact: extras-qa(a)fedoraproject.org
CC: epel-packagers-sig(a)lists.fedoraproject.org,
logans(a)cottsay.net,
python-sig(a)lists.fedoraproject.org, zbyszek(a)in.waw.pl
Target Milestone: ---
Classification: Fedora
Please branch and build python3-pygraphviz in epel9.
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2127039
https://bugzilla.redhat.com/show_bug.cgi?id=2126276
--- Comment #7 from Avinash Hanwate <ahanwate(a)redhat.com> ---
Created breeze-icon-theme tracking bugs for this issue:
Affects: epel-8 [bug 2126995]
Affects: fedora-all [bug 2126997]
Created cockatrice tracking bugs for this issue:
Affects: fedora-all [bug 2126998]
Created couchdb tracking bugs for this issue:
Affects: fedora-all [bug 2126999]
Created golang-entgo-ent tracking bugs for this issue:
Affects: fedora-all [bug 2127000]
Created golang-github-prometheus tracking bugs for this issue:
Affects: epel-7 [bug 2126993]
Created grafana tracking bugs for this issue:
Affects: fedora-all [bug 2127001]
Created mozjs68 tracking bugs for this issue:
Affects: fedora-all [bug 2127002]
Created mozjs78 tracking bugs for this issue:
Affects: fedora-all [bug 2127003]
Created nodejs tracking bugs for this issue:
Affects: epel-7 [bug 2126994]
Affects: fedora-all [bug 2127004]
Created python-engineio tracking bugs for this issue:
Affects: fedora-all [bug 2127005]
Created seamonkey tracking bugs for this issue:
Affects: epel-8 [bug 2126996]
Affects: fedora-all [bug 2127006]
Created workrave tracking bugs for this issue:
Affects: fedora-all [bug 2127007]
Created yarnpkg tracking bugs for this issue:
Affects: fedora-all [bug 2127008]
Created zuul tracking bugs for this issue:
Affects: fedora-all [bug 2127009]
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2126276