author | Sylvain Beucler <beuc@beuc.net> | 2022-06-21 17:01:17 +0200 |
---|---|---|
committer | Sylvain Beucler <beuc@beuc.net> | 2022-06-21 17:01:17 +0200 |
commit | 5e09c7016983b6f8af780b9b5533679cc6e58b42 (patch) | |
tree | a24415850e75a723d376189dd93a861ddb085a91 | |
parent | 6307a9494c979d9b31a0e300d19499f2d5815dc6 (diff) |
DLA-3055-1 for ntfs-3g
-rw-r--r-- | english/lts/security/2022/dla-3055.data | 10 |
-rw-r--r-- | english/lts/security/2022/dla-3055.wml | 64 |
2 files changed, 74 insertions, 0 deletions
diff --git a/english/lts/security/2022/dla-3055.data b/english/lts/security/2022/dla-3055.data new file mode 100644 index 00000000000..1d6a72ba2da --- /dev/null +++ b/english/lts/security/2022/dla-3055.data @@ -0,0 +1,10 @@ +<define-tag pagetitle>DLA-3055-1 ntfs-3g</define-tag> +<define-tag report_date>2022-06-21</define-tag> +<define-tag secrefs>CVE-2022-30783 CVE-2022-30784 CVE-2022-30785 CVE-2022-30786 CVE-2022-30787 CVE-2022-30788 CVE-2022-30789 Bug#1011770</define-tag> +<define-tag packages>ntfs-3g</define-tag> +<define-tag isvulnerable>yes</define-tag> +<define-tag fixed>yes</define-tag> +<define-tag fixed-section>no</define-tag> + +#use wml::debian::security + diff --git a/english/lts/security/2022/dla-3055.wml b/english/lts/security/2022/dla-3055.wml new file mode 100644 index 00000000000..30bd0b1791f --- /dev/null +++ b/english/lts/security/2022/dla-3055.wml 
@@ -0,0 +1,64 @@ +<define-tag description>LTS security update</define-tag> +<define-tag moreinfo> +<p>Several vulnerabilities were discovered in NTFS-3G, a read-write NTFS +driver for FUSE. A local user can take advantage of these flaws for +local root privilege escalation.</p> + +<ul> + +<li><a href="https://security-tracker.debian.org/tracker/CVE-2022-30783">CVE-2022-30783</a> + + <p>An invalid return code in fuse_kern_mount enables intercepting of + libfuse-lite protocol traffic between NTFS-3G and the kernel when + using libfuse-lite.</p></li> + +<li><a href="https://security-tracker.debian.org/tracker/CVE-2022-30784">CVE-2022-30784</a> + + <p>A crafted NTFS image can cause heap exhaustion in + ntfs_get_attribute_value.</p></li> + +<li><a href="https://security-tracker.debian.org/tracker/CVE-2022-30785">CVE-2022-30785</a> + + <p>A file handle created in fuse_lib_opendir, and later used in + fuse_lib_readdir, enables arbitrary memory read and write + operations when using libfuse-lite.</p></li> + +<li><a href="https://security-tracker.debian.org/tracker/CVE-2022-30786">CVE-2022-30786</a> + + <p>A crafted NTFS image can cause a heap-based buffer overflow in + ntfs_names_full_collate.</p></li> + +<li><a href="https://security-tracker.debian.org/tracker/CVE-2022-30787">CVE-2022-30787</a> + + <p>An integer underflow in fuse_lib_readdir enables arbitrary memory + read operations when using libfuse-lite.</p></li> + +<li><a href="https://security-tracker.debian.org/tracker/CVE-2022-30788">CVE-2022-30788</a> + + <p>A crafted NTFS image can cause a heap-based buffer overflow in + ntfs_mft_rec_alloc.</p></li> + +<li><a href="https://security-tracker.debian.org/tracker/CVE-2022-30789">CVE-2022-30789</a> + + <p>A crafted NTFS image can cause a heap-based buffer overflow in + ntfs_check_log_client_array.</p></li> + +</ul> + +<p>For Debian 9 stretch, these problems have been fixed in version +1:2016.2.22AR.1+dfsg-1+deb9u3.</p> + +<p>We recommend that you upgrade your ntfs-3g 
packages.</p> + +<p>For the detailed security status of ntfs-3g please refer to +its security tracker page at: +<a href="https://security-tracker.debian.org/tracker/ntfs-3g">https://security-tracker.debian.org/tracker/ntfs-3g</a></p> + +<p>Further information about Debian LTS security advisories, how to apply +these updates to your system and frequently asked questions can be +found at: <a href="https://wiki.debian.org/LTS">https://wiki.debian.org/LTS</a></p> +</define-tag> + +# do not modify the following line +#include "$(ENGLISHDIR)/lts/security/2022/dla-3055.data" +# $Id: $ |
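
Review bot: In dla-3055.wml, the opening paragraph says "a local user" can use these flaws for local root privilege escalation, but the list below it gives two different preconditions that the summary does not mention. CVE-2022-30784, CVE-2022-30786, CVE-2022-30788 and CVE-2022-30789 are each described as triggered by "a crafted NTFS image", while CVE-2022-30783, CVE-2022-30785 and CVE-2022-30787 are each qualified with "when using libfuse-lite". Consider naming both conditions in the intro and stating whether the stretch package is built against libfuse-lite, so administrators can tell which entries apply to their systems. Minor wording point in the CVE-2022-30783 entry: "libfuse-lite protocol traffic ... when using libfuse-lite" repeats the library name within one sentence and could be shortened.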