USN-5711-1: NTFS-3G vulnerability
2 November 2022
NTFS-3G could be made to crash or run programs as an administrator if it mounted a specially crafted disk.
Releases
Packages
- ntfs-3g - read/write NTFS driver for FUSE
Details
Yuchen Zeng and Eduardo Vela discovered that NTFS-3G incorrectly validated
certain NTFS metadata. A local attacker could possibly use this issue to
gain privileges.
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 22.10
Ubuntu 22.04
Ubuntu 20.04
Ubuntu 18.04
In general, a standard system update will make all the necessary changes.
References
Related notices
- USN-5711-2: ntfs-3g-dev, ntfs-3g