[ubuntu/jammy-security] ntfs-3g 1:2021.8.22-3ubuntu1.1 (Accepted)

Marc Deslauriers marc.deslauriers at canonical.com
Tue Jun 7 14:03:35 UTC 2022 

ntfs-3g (1:2021.8.22-3ubuntu1.1) jammy-security; urgency=medium

  * SECURITY UPDATE: heap buffer overflow in ntfsck
    - debian/patches/CVE-2021-46790.patch: properly handle error in
      ntfsprogs/ntfsck.c.
    - CVE-2021-46790
  * SECURITY UPDATE: traffic interception via incorrect return code
    - debian/patches/CVE-2022-30783.patch: return proper error code in
      libfuse-lite/mount.c, src/ntfs-3g_common.c, src/ntfs-3g_common.h.
    - CVE-2022-30783
  * SECURITY UPDATE: heap exhaustion via invalid NTFS image
    - debian/patches/CVE-2022-30784.patch: Avoid allocating and reading an
      attribute beyond its full size in libntfs-3g/attrib.c.
    - CVE-2022-30784
  * SECURITY UPDATE: arbitrary memory access via fuse
    - debian/patches/CVE-2022-30785_30787.patch: check directory offset in
      libfuse-lite/fuse.c.
    - CVE-2022-30785
    - CVE-2022-30787
  * SECURITY UPDATE: heap overflow via ntfs attribute names
    - debian/patches/CVE-2022-30786-1.patch: make sure there is no null
      character in an attribute name in libntfs-3g/attrib.c.
    - debian/patches/CVE-2022-30786-2.patch: make sure there is no null
      character in an attribute name in libntfs-3g/attrib.c.
    - CVE-2022-30786
  * SECURITY UPDATE: heap buffer overflow via crafted NTFS image
    - debian/patches/CVE-2022-30788-1.patch: use a default usn when the
      former one cannot be retrieved in libntfs-3g/mft.c.
    - debian/patches/CVE-2022-30788-2.patch: fix operation on little endian
      data in libntfs-3g/mft.c.
    - CVE-2022-30788
  * SECURITY UPDATE: heap buffer overflow via crafted NTFS image
    - debian/patches/CVE-2022-30789.patch: make sure the client log data
      does not overflow from restart page in libntfs-3g/logfile.c.
    - CVE-2022-30789

Date: 2022-06-06 18:55:09.233297+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/+source/ntfs-3g/1:2021.8.22-3ubuntu1.1
-------------- next part --------------
Sorry, changesfile not available.

More information about the jammy-changes mailing list