[USN-5060-2] NTFS-3G vulnerabilities
akash rao
arao36224 at gmail.com
Wed Sep 1 00:48:35 UTC 2021
On Wed, 1 Sept 2021 at 01:31, Leonidas S. Barbosa <leo.barbosa at canonical.com>
wrote:
> ==========================================================================
> Ubuntu Security Notice USN-5060-2
> August 31, 2021
>
> ntfs-3g vulnerabilities
> ==========================================================================
>
> A security issue affects these releases of Ubuntu and its derivatives:
>
> - Ubuntu 16.04 ESM
> - Ubuntu 14.04 ESM
>
> Summary:
>
> NTFS-3G could be made to execute arbitrary code if it received a specially
> crafted image file.
>
> Software Description:
> - ntfs-3g: read/write NTFS driver for FUSE
>
> Details:
>
> USN-5060-1 fixed a vulnerability in NTFS-3G. This update provides
> the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM.
>
> Original advisory details:
>
> It was discovered that NTFS-3G incorrectly handled certain image file.
> An attacker could possibly use this issue to execute arbitrary code.
>
> Update instructions:
>
> The problem can be corrected by updating your system to the following
> package versions:
>
> Ubuntu 16.04 ESM:
> ntfs-3g 1:2015.3.14AR.1-1ubuntu0.3+esm1
>
> Ubuntu 14.04 ESM:
> ntfs-3g 1:2013.1.13AR.1-2ubuntu2+esm1
>
> In general, a standard system update will make all the necessary changes.
>
> References:
> https://ubuntu.com/security/notices/USN-5060-2
> https://ubuntu.com/security/notices/USN-5060-1
> https://launchpad.net/bugs/1942235
> --
> ubuntu-security-announce mailing list
> ubuntu-security-announce at lists.ubuntu.com
> Modify settings or unsubscribe at:
> https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/ubuntu-users/attachments/20210901/a8d931d8/attachment.html>
More information about the ubuntu-users
mailing list