Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 493
Alerts This Week
Warning Icon 1 493

Ubuntu 15.04 USN-2617-2 Moderate: NTFS-3G File Overwrite Risk

ubuntu
Calendar Grey May 22, 2015
Dist Ubuntu Esm H88
=========================================================================Ubuntu Security Notice USN-
NTFS-3G could be made to overwrite files as the administrator.

Summary

NTFS-3G could be made to overwrite files as the administrator.

Software Description:

- ntfs-3g: read/write NTFS driver for FUSE

Details:

USN-2617-1 fixed a vulnerability in FUSE. This update provides the

corresponding fix for the embedded FUSE copy in NTFS-3G.

Original advisory details:

Tavis Ormandy discovered that FUSE incorrectly filtered environment

variables. A local attacker could use this issue to gain administrative

privileges.

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 15.04:
  ntfs-3g                         1:2014.2.15AR.3-1ubuntu0.1

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-2617-2

https://ubuntu.com/security/notices/USN-2617-1

CVE-2015-3202

Severity
important
Lowest
Low
Medium
High
Critical

May 22, 2015

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.