You are here
Home > Preporuke > Sigurnosni nedostatak programskog paketa ntfs-3g

Sigurnosni nedostatak programskog paketa ntfs-3g

  • Detalji os-a: WN7
  • Važnost: IMP
  • Operativni sustavi: L
  • Kategorije: LUB

==========================================================================
Ubuntu Security Notice USN-3914-1
March 21, 2019

ntfs-3g vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 18.10
– Ubuntu 18.04 LTS
– Ubuntu 16.04 LTS

Summary:

NTFS-3G could be made to crash or potentially run programs as an
administrator if executed with specially crafted arguments.

Software Description:
– ntfs-3g: read/write NTFS driver for FUSE

Details:

A heap buffer overflow was discovered in NTFS-3G when executing it with a
relative mount point path that is too long. A local attacker could
potentially exploit this to execute arbitrary code as the administrator.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.10:
  ntfs-3g                         1:2017.3.23-2ubuntu0.18.10.1

Ubuntu 18.04 LTS:
  ntfs-3g                         1:2017.3.23-2ubuntu0.18.04.1

Ubuntu 16.04 LTS:
  ntfs-3g                         1:2015.3.14AR.1-1ubuntu0.2

In general, a standard system update will make all the necessary changes.

References:
  https://usn.ubuntu.com/usn/usn-3914-1
  CVE-2019-9755

Package Information:
  https://launchpad.net/ubuntu/+source/ntfs-3g/1:2017.3.23-2ubuntu0.18.10.1
  https://launchpad.net/ubuntu/+source/ntfs-3g/1:2017.3.23-2ubuntu0.18.04.1
  https://launchpad.net/ubuntu/+source/ntfs-3g/1:2015.3.14AR.1-1ubuntu0.2
—–BEGIN PGP SIGNATURE—–

iQEzBAEBCgAdFiEERN//5MGgCOgyKeIFYR+97NWUbg8FAlyTvKcACgkQYR+97NWU
bg8d4gf/dewurAezYW+/FGiN8vjUqHR8ea8z2bFE1loo/ofhe2MBwSAHE6YDppDD
5rrTsSf5YTUJzhiPfi+u4qQsjSdHg+iQl59h/+OUm7kctDXKAmvqdaABeJMFVbfT
ed0NcHxzf1quJhyBe98Tal662ubKbLTauKrflBOQyy0kKFv2qrKMD4GvVrepnmYJ
fKKaAF6zWVU6xR9acqnUYWlzT6NVV6cbiN9H+IaG9TJ+TgzguTQQlkBdtzayDKwC
QaxzP+Y71wnGWeV3DROi22e2t3I5KpyNOXO+LlzM5JBlFAKzr3cG882+EQZNv5lx
Fb0bfAOxzoEUxYTaXirIU7uwv6QzWw==
=+4B3
—–END PGP SIGNATURE—–

AutorFilip Karamatic
Cert idNCERT-REF-2019-03-0001-ADV
CveCERT-CVE-DUMMY
ID izvornikaCERT-ORIGID-DUMMY
ProizvodCERT-DUMMY-PRODUCT
IzvorAdobe
Top
More in Preporuke
Sigurnosni nedostatak programske biblioteke SDL

Otkriven je sigurnosni nedostatak programske biblioteke SDL za operacijski sustav Fedora. Otkriveni nedostatak potencijalnim napadačima omogućuje izvršavanje proizvoljnog programskog koda....

Close