Package "ntfs-3g"
| Name: |
ntfs-3g
|
Description: |
read/write NTFS driver for FUSE
|
| Latest version: |
1:2021.8.22-3ubuntu1.2 |
| Release: |
jammy (22.04) |
| Level: |
updates |
| Repository: |
main |
| Homepage: |
https://github.com/tuxera/ntfs-3g/wiki |
Links
Download "ntfs-3g"
Other versions of "ntfs-3g" in Jammy
Packages in group
Deleted packages are displayed in grey.
Changelog
|
ntfs-3g (1:2021.8.22-3ubuntu1.2) jammy-security; urgency=medium
* SECURITY UPDATE: code execution via incorrect validation of metadata
- debian/patches/CVE-2022-40284-1.patch: rejected zero-sized runs in
libntfs-3g/runlist.c.
- debian/patches/CVE-2022-40284-2.patch: avoided merging runlists with
no runs in libntfs-3g/runlist.c.
- CVE-2022-40284
-- Marc Deslauriers <email address hidden> Tue, 01 Nov 2022 07:56:19 -0400
|
| Source diff to previous version |
|
ntfs-3g (1:2021.8.22-3ubuntu1.1) jammy-security; urgency=medium
* SECURITY UPDATE: heap buffer overflow in ntfsck
- debian/patches/CVE-2021-46790.patch: properly handle error in
ntfsprogs/ntfsck.c.
- CVE-2021-46790
* SECURITY UPDATE: traffic interception via incorrect return code
- debian/patches/CVE-2022-30783.patch: return proper error code in
libfuse-lite/mount.c, src/ntfs-3g_common.c, src/ntfs-3g_common.h.
- CVE-2022-30783
* SECURITY UPDATE: heap exhaustion via invalid NTFS image
- debian/patches/CVE-2022-30784.patch: Avoid allocating and reading an
attribute beyond its full size in libntfs-3g/attrib.c.
- CVE-2022-30784
* SECURITY UPDATE: arbitrary memory access via fuse
- debian/patches/CVE-2022-30785_30787.patch: check directory offset in
libfuse-lite/fuse.c.
- CVE-2022-30785
- CVE-2022-30787
* SECURITY UPDATE: heap overflow via ntfs attribute names
- debian/patches/CVE-2022-30786-1.patch: make sure there is no null
character in an attribute name in libntfs-3g/attrib.c.
- debian/patches/CVE-2022-30786-2.patch: make sure there is no null
character in an attribute name in libntfs-3g/attrib.c.
- CVE-2022-30786
* SECURITY UPDATE: heap buffer overflow via crafted NTFS image
- debian/patches/CVE-2022-30788-1.patch: use a default usn when the
former one cannot be retrieved in libntfs-3g/mft.c.
- debian/patches/CVE-2022-30788-2.patch: fix operation on little endian
data in libntfs-3g/mft.c.
- CVE-2022-30788
* SECURITY UPDATE: heap buffer overflow via crafted NTFS image
- debian/patches/CVE-2022-30789.patch: make sure the client log data
does not overflow from restart page in libntfs-3g/logfile.c.
- CVE-2022-30789
-- Marc Deslauriers <email address hidden> Mon, 06 Jun 2022 13:57:00 -0400
|
| CVE-2021-46790 |
ntfsck in NTFS-3G through 2021.8.22 has a heap-based buffer overflow involving buffer+512*3-2. NOTE: the upstream position is that ntfsck is deprecat |
| CVE-2022-30783 |
An invalid return code in fuse_kern_mount enables intercepting of libfuse-lite protocol traffic between NTFS-3G and the kernel in NTFS-3G through 202 |
| CVE-2022-30784 |
A crafted NTFS image can cause heap exhaustion in ntfs_get_attribute_value in NTFS-3G through 2021.8.22. |
| CVE-2022-30785 |
A file handle created in fuse_lib_opendir, and later used in fuse_lib_readdir, enables arbitrary memory read and write operations in NTFS-3G through |
| CVE-2022-30787 |
An integer underflow in fuse_lib_readdir enables arbitrary memory read operations in NTFS-3G through 2021.8.22 when using libfuse-lite. |
| CVE-2022-30786 |
A crafted NTFS image can cause a heap-based buffer overflow in ntfs_names_full_collate in NTFS-3G through 2021.8.22. |
| CVE-2022-30788 |
A crafted NTFS image can cause a heap-based buffer overflow in ntfs_mft_rec_alloc in NTFS-3G through 2021.8.22. |
| CVE-2022-30789 |
A crafted NTFS image can cause a heap-based buffer overflow in ntfs_check_log_client_array in NTFS-3G through 2021.8.22. |
|
About
-
Send Feedback to @ubuntu_updates
