1. Forum
  2. Usenet
  3. LINUX.DEBIAN.ANNOUNCE.SEC

  • [SECURITY] [DSA 5270-1] ntfs-3g security update

    From Salvatore Bonaccorso@21:1/5 to All on Fri Nov 4 10:00:01 2022
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    - ------------------------------------------------------------------------- Debian Security Advisory DSA-5270-1 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso November 04, 2022 https://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package : ntfs-3g
    CVE ID : CVE-2022-40284

    Yuchen Zeng and Eduardo Vela discovered a buffer overflow in NTFS-3G, a read-write NTFS driver for FUSE, due to incorrect validation of some of
    the NTFS metadata. A local user can take advantage of this flaw for
    local root privilege escalation.

    For the stable distribution (bullseye), this problem has been fixed in
    version 1:2017.3.23AR.3-4+deb11u3.

    We recommend that you upgrade your ntfs-3g packages.

    For the detailed security status of ntfs-3g please refer to its security tracker page at:
    https://security-tracker.debian.org/tracker/ntfs-3g

    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/

    Mailing list: debian-security-announce@lists.debian.org
    -----BEGIN PGP SIGNATURE-----

    iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmNk0SpfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0Ti5A/9FsoHBMdHvmNC5orI/fWqKGJoJyG3Uf192sLVRxWDaX1P2GW8eDS6KiOC iCAenevi6yXslNVIpxMUCgevx0v7znAxxcbc4Wocax0j4ereSR+6T8pS6IvgcwAg 0r6wXfHsjcm3AoAq/D5MamtC2YHpYDgppei65OvZeHIG0D8p57+KbMp3M9rqRp/N bvAjO38f0XiJ6zn+ry19Yy1YdS8I6xG/VYb0ab/Wg/v7cFv2f+qfLG0EZuOBF3wM 0WXHtVxAgviVLznupokZo2yxxCl+DqWXSfOZM4OaQMzoJ50Rizp2PLUxs2BjVIst 9QYOPkTB2EWrXRn4Bj5Q2AmNfmaAWBbADzOw7xfkLeXwCRz8Zvn+JOvMatSMVlmG GHD/so0NHpPIkINP/5hQO95b3bbwPeKUNtUaYsfAHDPMkRm26O0VNu0fSjjaK48U s4QlqFHpmCtt09Gs7ACZDeCjJy0vPs9ejG5Nf2aNZBNiu/vzANIjQlkmcG5WcpRL o+Tt/fNEUZMrKzww2awZ+08ht1cPffuvQfZRXGNiQGVt2KBtLUuKQ3uOumxGJmFS /lEdgkCSLoRnLFyjpGeSTEGWq/4BLWOUyasSQ5NJuBz1b+k2gC1YiZmBY8Q0jp20 GV33WVJZ25gRonq+E9i91Eh0u10CM9uKeYYsh5VDnPXiDiEzewY=
    =jcHQ
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)