Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 463
Alerts This Week
Warning Icon 1 463

Ubuntu 16.04, 14.04 USN-5452-1 Critical: ntfs-3g Denial Of Service Issue

ubuntu
Calendar Grey May 30, 2022
Dist Ubuntu Esm H88
Uncover the security flaw within NTFS-3G on Ubuntu, which poses risks of potential system crashes or the execution of unapproved software.
NTFS-3G could be made to crash or run programs if it opened a specially crafted file.

Summary

NTFS-3G could be made to crash or run programs if it opened a

specially crafted file.

Software Description:

- ntfs-3g: read/write NTFS driver for FUSE

Details:

It was discovered that NTFS-3G was incorrectly validating NTFS

metadata in its ntfsck tool by not performing boundary checks. A

local attacker could possibly use this issue to cause a denial of

service or to execute arbitrary code.

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 ESM:
   ntfs-3g                         1:2015.3.14AR.1-1ubuntu0.3+esm2
   ntfs-3g-dev                     1:2015.3.14AR.1-1ubuntu0.3+esm2

Ubuntu 14.04 ESM:
   ntfs-3g                         1:2013.1.13AR.1-2ubuntu2+esm2
   ntfs-3g-dev                     1:2013.1.13AR.1-2ubuntu2+esm2

In general, a standard system update will make all the necessary changes.

References

  https://ubuntu.com/security/notices/USN-5452-1

  CVE-2021-46790

Severity
critical
Lowest
Low
Medium
High
Critical

May 30, 2022

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.