Joined: 12 May 2004
|Posted: Tue Jul 28, 2020 7:26 pm Post subject: [ glsa 202007-45 ] ntfs-3g
|Gentoo Linux Security Advisory
Title: NTFS-3G: Remote code execution, possible privilege escalation (GLSA 202007-45)
A buffer overflow in NTFS-3g might allow local or remote
attacker(s) to execute arbitrary code, or escalate privileges.
NTFS-3G is a stable, full-featured, read-write NTFS driver for various
Vulnerable: < 2017.3.23-r3
Unaffected: >= 2017.3.23-r3
Architectures: All supported architectures
An integer underflow issue exists in NTFS-3G which may cause a heap
buffer overflow with crafted input.
A remote attacker may be able to execute arbitrary code while a local
attacker may be able to escalate privileges.
There is no known workaround at this time.
All NTFS-3G users should upgrade to the latest version:
|# emerge --sync
# emerge --ask --oneshot --verbose ">=sys-fs/ntfs3g-2017.3.23-r3"