[SECURITY] [DLA 3201-1] ntfs-3g security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 3201-1] ntfs-3g security update
From: Thorsten Alteholz <debian@alteholz.de>
Date: Mon, 21 Nov 2022 23:13:53 +0000 (UTC)
Message-id: <[🔎] alpine.DEB.2.21.2211212312210.31165@postfach.intern.alteholz.me>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-3201-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                    Thorsten Alteholz
November 22, 2022                             https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : ntfs-3g
Version        : 1:2017.3.23AR.3-3+deb10u3
CVE ID         : CVE-2022-40284

Yuchen Zeng and Eduardo Vela discovered a buffer overflow in NTFS-3G, aread-write NTFS driver for FUSE, due to incorrect validation of some ofthe NTFS metadata. A local user can take advantage of this flaw for localroot privilege escalation.

For Debian 10 Buster, this problem has been fixed in version1:2017.3.23AR.3-3+deb10u3.


We recommend that you upgrade your ntfs-3g packages.

For the detailed security status of ntfs-3g please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/ntfs-3g

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAmN8BjFfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy
MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcACgkQlvysDTh7
WEdL4A//W2ZXcPSB59xpQiYZUyTIxT72Spxrm9AaCACOIFKfdkYk0kybc/4j5m+7
B6EvmnzLrzLaozkqOVXRHvVxmj3b71gvAcRVew1ZQ5nRS4xJ2lSEzPxMwUziKHHr
jVobTAPsHve5AXHwbHKLSS2KNFFbJNgCPjUsMGkVygAoo/7nLkDwvENcYG1+gs7B
3aHQmYIdBPwuwaq7fIlG4PGiZVymxRZL2hSlWcIHLuKo3inIrPSi6jFe7Ki+jilP
aE7o6La1beDNkyCcI1FZ9T2l1Ku2xR1/y4hw4qZkXksJUNG21aWsIouYlDB7XGO6
+THocHwm7oSVcan7OwyELroGlYhHOHmy2dVIFvE5yTV65D6+Z4E9QWVUYnH+xp7q
pyubRU8/QkVsyBVirt7bQZgvDMeUdgzD+HNL0bGkYKe+KD5PTuwpVZtyWcTZDwVl
ZRiLdLgv4vDHTJQT3xTKRk+t2xahpLaDRfXBHwmSwBcqv739YX53nR5IUwCpnBRb
J0NCa96YxRYsnTX5qtIlfrBXz4tN1ECm9SaR1fXWJixTjIeOjIG/8mux5vSQgeAO
3gFq/AO0uyjstUO+vF+FDRN5Nrr6XoBBZ3IOAhIYIXFtZ6id32f4g+yZH4hLGx2I
n/e+Lq/7klwji4KMJMsvwZd4EF0QtwbPqDRuVvoBaqRzeANxAzA=
=mSWK
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 3200-1] graphicsmagick security update
Next by Date: [SECURITY] [DLA 3202-1] libarchive security update
Previous by thread: [SECURITY] [DLA 3200-1] graphicsmagick security update
Next by thread: [SECURITY] [DLA 3202-1] libarchive security update
Index(es):
- Date
- Thread