Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 561
Alerts This Week
Warning Icon 1 561

Ubuntu 16.10 & 16.04 LTS USN-3182-1 Critical NTFS-3G Threat

ubuntu
Calendar Grey February 1, 2017
Scroller Ubuntu Esm H88
A security flaw in NTFS-3G on Ubuntu enables local threat actors to inject kernel modules, introducing potential vulnerabilities.
NTFS-3G could be made to load kernel modules as an administrator.

Summary

NTFS-3G could be made to load kernel modules as an administrator.

Software Description:

- ntfs-3g: read/write NTFS driver for FUSE

Details:

Jann Horn discovered that NTFS-3G incorrectly filtered environment variables

when using the modprobe utility. A local attacker could possibly use this issue

to load arbitrary kernel modules.

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.10:
  ntfs-3g                         1:2016.2.22AR.1-3ubuntu0.1

Ubuntu 16.04 LTS:
  ntfs-3g                         1:2015.3.14AR.1-1ubuntu0.1

In general, a standard system update will make all the necessary changes.

References

CVE-2017-0358

Severity
critical
Lowest
Low
Medium
High
Critical

February 01, 2017

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.