Gentoo: GLSA-202301-01: NTFS-3G: Multiple Vulnerabilities | LinuxSe...
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 202301-01
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                           https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: High
    Title: NTFS-3G: Multiple Vulnerabilities
     Date: January 11, 2023
     Bugs: #878885, #847598, #811156
       ID: 202301-01

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been found in NTFS-3G, the worst of which
could result in arbitrary code execution.

Background
==========

NTFS-3G is a stable, full-featured, read-write NTFS driver for various
operating systems.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  sys-fs/ntfs3g              < 2022.10.3              >= 2022.10.3

Description
===========

Multiple vulnerabilities have been discovered in NTFS-3G. Please review
the CVE identifiers referenced below for details.

Impact
======

Please review the referenced CVE identifiers for details.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All NTFS-3G users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=sys-fs/ntfs3g-2022.10.3"

References
==========

[ 1 ] CVE-2021-33285
      https://nvd.nist.gov/vuln/detail/CVE-2021-33285
[ 2 ] CVE-2021-33286
      https://nvd.nist.gov/vuln/detail/CVE-2021-33286
[ 3 ] CVE-2021-33287
      https://nvd.nist.gov/vuln/detail/CVE-2021-33287
[ 4 ] CVE-2021-33289
      https://nvd.nist.gov/vuln/detail/CVE-2021-33289
[ 5 ] CVE-2021-35266
      https://nvd.nist.gov/vuln/detail/CVE-2021-35266
[ 6 ] CVE-2021-35267
      https://nvd.nist.gov/vuln/detail/CVE-2021-35267
[ 7 ] CVE-2021-35268
      https://nvd.nist.gov/vuln/detail/CVE-2021-35268
[ 8 ] CVE-2021-35269
      https://nvd.nist.gov/vuln/detail/CVE-2021-35269
[ 9 ] CVE-2021-39251
      https://nvd.nist.gov/vuln/detail/CVE-2021-39251
[ 10 ] CVE-2021-39252
      https://nvd.nist.gov/vuln/detail/CVE-2021-39252
[ 11 ] CVE-2021-39253
      https://nvd.nist.gov/vuln/detail/CVE-2021-39253
[ 12 ] CVE-2021-39254
      https://nvd.nist.gov/vuln/detail/CVE-2021-39254
[ 13 ] CVE-2021-39255
      https://nvd.nist.gov/vuln/detail/CVE-2021-39255
[ 14 ] CVE-2021-39256
      https://nvd.nist.gov/vuln/detail/CVE-2021-39256
[ 15 ] CVE-2021-39257
      https://nvd.nist.gov/vuln/detail/CVE-2021-39257
[ 16 ] CVE-2021-39258
      https://nvd.nist.gov/vuln/detail/CVE-2021-39258
[ 17 ] CVE-2021-39259
      https://nvd.nist.gov/vuln/detail/CVE-2021-39259
[ 18 ] CVE-2021-39260
      https://nvd.nist.gov/vuln/detail/CVE-2021-39260
[ 19 ] CVE-2021-39261
      https://nvd.nist.gov/vuln/detail/CVE-2021-39261
[ 20 ] CVE-2021-39262
      https://nvd.nist.gov/vuln/detail/CVE-2021-39262
[ 21 ] CVE-2021-39263
      https://nvd.nist.gov/vuln/detail/CVE-2021-39263
[ 22 ] CVE-2022-30783
      https://nvd.nist.gov/vuln/detail/CVE-2022-30783
[ 23 ] CVE-2022-30784
      https://nvd.nist.gov/vuln/detail/CVE-2022-30784
[ 24 ] CVE-2022-30785
      https://nvd.nist.gov/vuln/detail/CVE-2022-30785
[ 25 ] CVE-2022-30786
      https://nvd.nist.gov/vuln/detail/CVE-2022-30786
[ 26 ] CVE-2022-30787
      https://nvd.nist.gov/vuln/detail/CVE-2022-30787
[ 27 ] CVE-2022-30788
      https://nvd.nist.gov/vuln/detail/CVE-2022-30788
[ 28 ] CVE-2022-30789
      https://nvd.nist.gov/vuln/detail/CVE-2022-30789
[ 29 ] CVE-2022-40284
      https://nvd.nist.gov/vuln/detail/CVE-2022-40284

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202301-01

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
[email protected] or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2023 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo: GLSA-202301-01: NTFS-3G: Multiple Vulnerabilities

Multiple vulnerabilities have been found in NTFS-3G, the worst of which could result in arbitrary code execution.

Summary

Multiple vulnerabilities have been discovered in NTFS-3G. Please review the CVE identifiers referenced below for details.

Resolution

All NTFS-3G users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=sys-fs/ntfs3g-2022.10.3"

References

[ 1 ] CVE-2021-33285 https://nvd.nist.gov/vuln/detail/CVE-2021-33285 [ 2 ] CVE-2021-33286 https://nvd.nist.gov/vuln/detail/CVE-2021-33286 [ 3 ] CVE-2021-33287 https://nvd.nist.gov/vuln/detail/CVE-2021-33287 [ 4 ] CVE-2021-33289 https://nvd.nist.gov/vuln/detail/CVE-2021-33289 [ 5 ] CVE-2021-35266 https://nvd.nist.gov/vuln/detail/CVE-2021-35266 [ 6 ] CVE-2021-35267 https://nvd.nist.gov/vuln/detail/CVE-2021-35267 [ 7 ] CVE-2021-35268 https://nvd.nist.gov/vuln/detail/CVE-2021-35268 [ 8 ] CVE-2021-35269 https://nvd.nist.gov/vuln/detail/CVE-2021-35269 [ 9 ] CVE-2021-39251 https://nvd.nist.gov/vuln/detail/CVE-2021-39251 [ 10 ] CVE-2021-39252 https://nvd.nist.gov/vuln/detail/CVE-2021-39252 [ 11 ] CVE-2021-39253 https://nvd.nist.gov/vuln/detail/CVE-2021-39253 [ 12 ] CVE-2021-39254 https://nvd.nist.gov/vuln/detail/CVE-2021-39254 [ 13 ] CVE-2021-39255 https://nvd.nist.gov/vuln/detail/CVE-2021-39255 [ 14 ] CVE-2021-39256 https://nvd.nist.gov/vuln/detail/CVE-2021-39256 [ 15 ] CVE-2021-39257 https://nvd.nist.gov/vuln/detail/CVE-2021-39257 [ 16 ] CVE-2021-39258 https://nvd.nist.gov/vuln/detail/CVE-2021-39258 [ 17 ] CVE-2021-39259 https://nvd.nist.gov/vuln/detail/CVE-2021-39259 [ 18 ] CVE-2021-39260 https://nvd.nist.gov/vuln/detail/CVE-2021-39260 [ 19 ] CVE-2021-39261 https://nvd.nist.gov/vuln/detail/CVE-2021-39261 [ 20 ] CVE-2021-39262 https://nvd.nist.gov/vuln/detail/CVE-2021-39262 [ 21 ] CVE-2021-39263 https://nvd.nist.gov/vuln/detail/CVE-2021-39263 [ 22 ] CVE-2022-30783 https://nvd.nist.gov/vuln/detail/CVE-2022-30783 [ 23 ] CVE-2022-30784 https://nvd.nist.gov/vuln/detail/CVE-2022-30784 [ 24 ] CVE-2022-30785 https://nvd.nist.gov/vuln/detail/CVE-2022-30785 [ 25 ] CVE-2022-30786 https://nvd.nist.gov/vuln/detail/CVE-2022-30786 [ 26 ] CVE-2022-30787 https://nvd.nist.gov/vuln/detail/CVE-2022-30787 [ 27 ] CVE-2022-30788 https://nvd.nist.gov/vuln/detail/CVE-2022-30788 [ 28 ] CVE-2022-30789 https://nvd.nist.gov/vuln/detail/CVE-2022-30789 [ 29 ] CVE-2022-40284 https://nvd.nist.gov/vuln/detail/CVE-2022-40284

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202301-01

Concerns

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to [email protected] or alternatively, you may file a bug at https://bugs.gentoo.org.

Severity
Severity: High
Title: NTFS-3G: Multiple Vulnerabilities
Date: January 11, 2023
Bugs: #878885, #847598, #811156
ID: 202301-01

Synopsis

Multiple vulnerabilities have been found in NTFS-3G, the worst of which could result in arbitrary code execution.

Background

NTFS-3G is a stable, full-featured, read-write NTFS driver for various operating systems.

Affected Packages

------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 sys-fs/ntfs3g < 2022.10.3 >= 2022.10.3

Impact

Please review the referenced CVE identifiers for details.

Workaround

There is no known workaround at this time.

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.