[SECURITY] [DSA 5270-1] ntfs-3g security update

To: debian-security-announce@lists.debian.org
Subject: [SECURITY] [DSA 5270-1] ntfs-3g security update
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Fri, 04 Nov 2022 08:48:55 +0000
Message-id: <[🔎] E1oqsNj-009YhE-EV@seger.debian.org>
Reply-to: debian-security-announce-request@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-5270-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
November 04, 2022                     https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : ntfs-3g
CVE ID         : CVE-2022-40284

Yuchen Zeng and Eduardo Vela discovered a buffer overflow in NTFS-3G, a
read-write NTFS driver for FUSE, due to incorrect validation of some of
the NTFS metadata. A local user can take advantage of this flaw for
local root privilege escalation.

For the stable distribution (bullseye), this problem has been fixed in
version 1:2017.3.23AR.3-4+deb11u3.

We recommend that you upgrade your ntfs-3g packages.

For the detailed security status of ntfs-3g please refer to its security
tracker page at:
https://security-tracker.debian.org/tracker/ntfs-3g

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmNk0SpfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND
z0Ti5A/9FsoHBMdHvmNC5orI/fWqKGJoJyG3Uf192sLVRxWDaX1P2GW8eDS6KiOC
iCAenevi6yXslNVIpxMUCgevx0v7znAxxcbc4Wocax0j4ereSR+6T8pS6IvgcwAg
0r6wXfHsjcm3AoAq/D5MamtC2YHpYDgppei65OvZeHIG0D8p57+KbMp3M9rqRp/N
bvAjO38f0XiJ6zn+ry19Yy1YdS8I6xG/VYb0ab/Wg/v7cFv2f+qfLG0EZuOBF3wM
0WXHtVxAgviVLznupokZo2yxxCl+DqWXSfOZM4OaQMzoJ50Rizp2PLUxs2BjVIst
9QYOPkTB2EWrXRn4Bj5Q2AmNfmaAWBbADzOw7xfkLeXwCRz8Zvn+JOvMatSMVlmG
GHD/so0NHpPIkINP/5hQO95b3bbwPeKUNtUaYsfAHDPMkRm26O0VNu0fSjjaK48U
s4QlqFHpmCtt09Gs7ACZDeCjJy0vPs9ejG5Nf2aNZBNiu/vzANIjQlkmcG5WcpRL
o+Tt/fNEUZMrKzww2awZ+08ht1cPffuvQfZRXGNiQGVt2KBtLUuKQ3uOumxGJmFS
/lEdgkCSLoRnLFyjpGeSTEGWq/4BLWOUyasSQ5NJuBz1b+k2gC1YiZmBY8Q0jp20
GV33WVJZ25gRonq+E9i91Eh0u10CM9uKeYYsh5VDnPXiDiEzewY=
=jcHQ
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DSA 5269-1] pypy3 security update
Next by Date: [SECURITY] [DSA 5271-1] libxml2 security update
Previous by thread: [SECURITY] [DSA 5269-1] pypy3 security update
Next by thread: [SECURITY] [DSA 5271-1] libxml2 security update
Index(es):
- Date
- Thread