Univention Bugzilla – Bug 55443
ntfs-3g: Multiple issues (5.0)
Last modified: 2022-11-23 16:08:31 CET
New Debian ntfs-3g 1:2017.3.23AR.3-3+deb10u3 fixes:

This update addresses the following issue:
* A buffer overflow was discovered in NTFS-3G before 2022.10.3. Crafted metadata in an NTFS image can cause code execution. A local attacker can exploit this if the ntfs-3g binary is setuid root. A physically proximate attacker can exploit this if NTFS-3G software is configured to execute upon attachment of an external storage device. (CVE-2022-40284)
--- mirror/ftp/pool/main/n/ntfs-3g/ntfs-3g_2017.3.23AR.3-3+deb10u2.dsc +++ apt/ucs_5.0-0-errata5.0-2/source/ntfs-3g_2017.3.23AR.3-3+deb10u3.dsc @@ -1,3 +1,10 @@ +1:2017.3.23AR.3-3+deb10u3 [Sun, 20 Nov 2022 22:03:02 +0100] Thorsten Alteholz <debian@alteholz.de>: + + * Non-maintainer upload by the LTS Team. + * CVE-2022-40284 + - Rejected zero-sized runs + - Avoided merging runlists with no runs + 1:2017.3.23AR.3-3+deb10u2 [Thu, 09 Jun 2022 14:43:42 +0200] Salvatore Bonaccorso <carnil@debian.org>: * Non-maintainer upload by the Security Team. <http://piuparts.knut.univention.de/5.0-2/#4912380165343617247>
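Review bot: In the new 1:2017.3.23AR.3-3+deb10u3 changelog entry, the two items under CVE-2022-40284 ("Rejected zero-sized runs" and "Avoided merging runlists with no runs") name no patch file or upstream commit, so they cannot be mapped to the source changes from the changelog alone. Suggest adding the patch file name or upstream commit reference next to each item.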
OK: yaml
OK: announce_errata
OK: patch
OK: piuparts

[5.0-2] 057961e78c Bug #55443: ntfs-3g 1:2017.3.23AR.3-3+deb10u3
 doc/errata/staging/ntfs-3g.yaml | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)
<https://errata.software-univention.de/#/?erratum=5.0x496>