UbuntuUpdates.org

Package "libntfs-3g883"

Name: libntfs-3g883

Description: read/write NTFS driver for FUSE (runtime library)

Latest version: 1:2017.3.23AR.3-3ubuntu1.3
Release: focal (20.04)
Level: security
Repository: main
Head package: ntfs-3g
Homepage: http://jp-andre.pagesperso-orange.fr/advanced-ntfs-3g.html


Other versions of "libntfs-3g883" in Focal

Repository  Area  Version
base        main  1:2017.3.23AR.3-3ubuntu1
updates     main  1:2017.3.23AR.3-3ubuntu1.3

Changelog

Version: 1:2017.3.23AR.3-3ubuntu1.3 2022-11-02 14:06:27 UTC

  ntfs-3g (1:2017.3.23AR.3-3ubuntu1.3) focal-security; urgency=medium

  * SECURITY UPDATE: code execution via incorrect validation of metadata
    - debian/patches/CVE-2022-40284-1.patch: rejected zero-sized runs in
      libntfs-3g/runlist.c.
    - debian/patches/CVE-2022-40284-2.patch: avoided merging runlists with
      no runs in libntfs-3g/runlist.c.
    - CVE-2022-40284

 -- Marc Deslauriers <email address hidden> Tue, 01 Nov 2022 07:56:50 -0400


Version: 1:2017.3.23AR.3-3ubuntu1.2 2022-06-07 15:06:22 UTC

  ntfs-3g (1:2017.3.23AR.3-3ubuntu1.2) focal-security; urgency=medium

  * SECURITY UPDATE: heap buffer overflow in ntfsck
    - debian/patches/CVE-2021-46790.patch: properly handle error in
      ntfsprogs/ntfsck.c.
    - CVE-2021-46790
  * SECURITY UPDATE: traffic interception via incorrect return code
    - debian/patches/CVE-2022-30783.patch: return proper error code in
      libfuse-lite/mount.c, src/ntfs-3g_common.c, src/ntfs-3g_common.h.
    - CVE-2022-30783
  * SECURITY UPDATE: heap exhaustion via invalid NTFS image
    - debian/patches/CVE-2022-30784.patch: Avoid allocating and reading an
      attribute beyond its full size in libntfs-3g/attrib.c.
    - CVE-2022-30784
  * SECURITY UPDATE: arbitrary memory access via fuse
    - debian/patches/CVE-2022-30785_30787.patch: check directory offset in
      libfuse-lite/fuse.c.
    - CVE-2022-30785
    - CVE-2022-30787
  * SECURITY UPDATE: heap overflow via ntfs attribute names
    - debian/patches/CVE-2022-30786-1.patch: make sure there is no null
      character in an attribute name in libntfs-3g/attrib.c.
    - debian/patches/CVE-2022-30786-2.patch: make sure there is no null
      character in an attribute name in libntfs-3g/attrib.c.
    - CVE-2022-30786
  * SECURITY UPDATE: heap buffer overflow via crafted NTFS image
    - debian/patches/CVE-2022-30788-1.patch: use a default usn when the
      former one cannot be retrieved in libntfs-3g/mft.c.
    - debian/patches/CVE-2022-30788-2.patch: fix operation on little endian
      data in libntfs-3g/mft.c.
    - CVE-2022-30788
  * SECURITY UPDATE: heap buffer overflow via crafted NTFS image
    - debian/patches/CVE-2022-30789.patch: make sure the client log data
      does not overflow from restart page in libntfs-3g/logfile.c.
    - CVE-2022-30789

 -- Marc Deslauriers <email address hidden> Mon, 06 Jun 2022 14:09:42 -0400

CVE-2021-46790 ntfsck in NTFS-3G through 2021.8.22 has a heap-based buffer overflow involving buffer+512*3-2. NOTE: the upstream position is that ntfsck is deprecat
CVE-2022-30783 An invalid return code in fuse_kern_mount enables intercepting of libfuse-lite protocol traffic between NTFS-3G and the kernel in NTFS-3G through 202
CVE-2022-30784 A crafted NTFS image can cause heap exhaustion in ntfs_get_attribute_value in NTFS-3G through 2021.8.22.
CVE-2022-30785 A file handle created in fuse_lib_opendir, and later used in fuse_lib_readdir, enables arbitrary memory read and write operations in NTFS-3G through
CVE-2022-30787 An integer underflow in fuse_lib_readdir enables arbitrary memory read operations in NTFS-3G through 2021.8.22 when using libfuse-lite.
CVE-2022-30786 A crafted NTFS image can cause a heap-based buffer overflow in ntfs_names_full_collate in NTFS-3G through 2021.8.22.
CVE-2022-30788 A crafted NTFS image can cause a heap-based buffer overflow in ntfs_mft_rec_alloc in NTFS-3G through 2021.8.22.
CVE-2022-30789 A crafted NTFS image can cause a heap-based buffer overflow in ntfs_check_log_client_array in NTFS-3G through 2021.8.22.

Version: 1:2017.3.23AR.3-3ubuntu1.1 2021-08-31 18:06:22 UTC

  ntfs-3g (1:2017.3.23AR.3-3ubuntu1.1) focal-security; urgency=medium

  * SECURITY UPDATE: multiple security issues
    - debian/patches/aug2021-security.patch: backport fixes from new
      upstream version.
    - No CVE number

 -- Marc Deslauriers <email address hidden> Mon, 23 Aug 2021 09:18:46 -0400



