Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 494
Alerts This Week
Warning Icon 1 494

Ubuntu 15.04: USN-2617-3 Critical: NTFS-3G Overwrite Issue

ubuntu
Calendar Grey May 27, 2015
Dist Ubuntu Esm H88
=========================================================================Ubuntu Security Notice USN-
NTFS-3G could be made to overwrite files as the administrator.

Summary

NTFS-3G could be made to overwrite files as the administrator.

Software Description:

- ntfs-3g: read/write NTFS driver for FUSE

Details:

USN-2617-1 fixed a vulnerability in NTFS-3G. The original patch did not

completely address the issue. This update fixes the problem.

Original advisory details:

Tavis Ormandy discovered that FUSE incorrectly filtered environment

variables. A local attacker could use this issue to gain administrative

privileges.

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 15.04:
  ntfs-3g                         1:2014.2.15AR.3-1ubuntu0.2

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-2617-3

https://ubuntu.com/security/notices/USN-2617-1

CVE-2015-3202

Severity
critical
Lowest
Low
Medium
High
Critical

May 27, 2015

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.