Debian 10037 Published by

A ntfs-3g security update has been released for Debian GNU/Linux 8 and 9 Extended LTS to address a buffer overflow.



ELA-736-1 ntfs-3g security update

Package : ntfs-3g
Version : 1:2014.2.15AR.2-1+deb8u7 (jessie), 1:2016.2.22AR.1+dfsg-1+deb9u4 (stretch)

Related CVEs :
CVE-2022-40284

Yuchen Zeng and Eduardo Vela discovered a buffer overflow in NTFS-3G,
a read-write NTFS driver for FUSE, due to incorrect validation of some
of the NTFS metadata. A local user can take advantage of this flaw for
local root privilege escalation.

  ELA-736-1 ntfs-3g security update