Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 579
Alerts This Week
Warning Icon 1 579

Ubuntu: USN-3914-2 Moderate: NTFS-3G Hardening Against Buffer Overflow

ubuntu
Calendar Grey April 17, 2019
Dist Ubuntu Esm H88
Important patch for NTFS-3G aimed at fortifying defenses against potential remote execution vulnerabilities.
A hardening measure was added to NTFS-3G.

Summary

A hardening measure was added to NTFS-3G.

Software Description:

- ntfs-3g: read/write NTFS driver for FUSE

Details:

USN-3914-1 fixed vulnerabilities in NTFS-3G. As an additional hardening

measure, this update removes the setuid bit from the ntfs-3g binary.

Original advisory details:

A heap buffer overflow was discovered in NTFS-3G when executing it with a

relative mount point path that is too long. A local attacker could

potentially exploit this to execute arbitrary code as the administrator.

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.10:
  ntfs-3g                         1:2017.3.23-2ubuntu0.18.10.2

Ubuntu 18.04 LTS:
  ntfs-3g                         1:2017.3.23-2ubuntu0.18.04.2

Ubuntu 16.04 LTS:
  ntfs-3g                         1:2015.3.14AR.1-1ubuntu0.3

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-3914-2

https://ubuntu.com/security/notices/USN-3914-1

https://bugs.launchpad.net/ubuntu/+source/ntfs-3g/+bug/1821250

April 17, 2019

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.