drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Mehrere Probleme in NTFS-3G
Name: |
Mehrere Probleme in NTFS-3G |
|
ID: |
USN-5463-1 |
|
Distribution: |
Ubuntu |
|
Plattformen: |
Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 21.10, Ubuntu 22.04 LTS |
|
Datum: |
Di, 7. Juni 2022, 22:07 |
|
Referenzen: |
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30787
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30789
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30788
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30784
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30783
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30785
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46790
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30786 |
|
Applikationen: |
NTFS-3G |
|
Originalnachricht |
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --===============3688238331628568014== Content-Language: en-CA Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="------------qBlU06sfL2u2L5pdlOpoW3Zd"
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --------------qBlU06sfL2u2L5pdlOpoW3Zd Content-Type: multipart/mixed; boundary="------------VHbYtB4ggszFRjnzB1cQGsow"; protected-headers="v1" From: Marc Deslauriers <marc.deslauriers@canonical.com> Reply-To: Ubuntu Security <security@ubuntu.com> To: "ubuntu-security-announce@lists.ubuntu.com" <ubuntu-security-announce@lists.ubuntu.com> Message-ID: <ea466b3f-05c6-8ee8-2633-e6b14726de2a@canonical.com> Subject: [USN-5463-1] NTFS-3G vulnerabilities
--------------VHbYtB4ggszFRjnzB1cQGsow Content-Type: text/plain; charset=UTF- Content-Transfer-Encoding: quoted-printable
========================================================================== Ubuntu Security Notice USN-5463-1 June 07, 2022
ntfs-3g vulnerabilities ==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 22.04 LTS - Ubuntu 21.10 - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS
Summary:
Several security issues were fixed in ntfs-3g.
Software Description: - ntfs-3g: read/write NTFS driver for FUSE
Details:
It was discovered that NTFS-3G incorrectly handled the ntfsck tool. If a user or automated system were tricked into using ntfsck on a specially crafted disk image, a remote attacker could possibly use this issue to execute arbitrary code. (CVE-2021-46790)
Roman Fiedler discovered that NTFS-3G incorrectly handled certain return codes. A local attacker could possibly use this issue to intercept protocol traffic between FUSE and the kernel. (CVE-2022-30783)
It was discovered that NTFS-3G incorrectly handled certain NTFS disk images. If a user or automated system were tricked into mounting a specially crafted disk image, a remote attacker could use this issue to cause a denial of service, or possibly execute arbitrary code. (CVE-2022-30784, CVE-2022-30786, CVE-2022-30788, CVE-2022-30789)
Roman Fiedler discovered that NTFS-3G incorrectly handled certain file handles. A local attacker could possibly use this issue to read and write arbitrary memory. (CVE-2022-30785, CVE-2022-30787)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 22.04 LTS: ntfs-3g 1:2021.8.22-3ubuntu1.1
Ubuntu 21.10: ntfs-3g 1:2017.3.23AR.3-3ubuntu5.1
Ubuntu 20.04 LTS: ntfs-3g 1:2017.3.23AR.3-3ubuntu1.2
Ubuntu 18.04 LTS: ntfs-3g 1:2017.3.23-2ubuntu0.18.04.4
In general, a standard system update will make all the necessary changes.
References: https://ubuntu.com/security/notices/USN-5463-1 CVE-2021-46790, CVE-2022-30783, CVE-2022-30784, CVE-2022-30785, CVE-2022-30786, CVE-2022-30787, CVE-2022-30788, CVE-2022-30789
Package Information: https://launchpad.net/ubuntu/+source/ntfs-3g/1:2021.8.22-3ubuntu1.1 https://launchpad.net/ubuntu/+source/ntfs-3g/1:2017.3.23AR.3-3ubuntu5.1 https://launchpad.net/ubuntu/+source/ntfs-3g/1:2017.3.23AR.3-3ubuntu1.2 https://launchpad.net/ubuntu/+source/ntfs-3g/1:2017.3.23-2ubuntu0.18.04.4
--------------VHbYtB4ggszFRjnzB1cQGsow--
--------------qBlU06sfL2u2L5pdlOpoW3Zd Content-Type: application/pgp-signature; name="OpenPGP_signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="OpenPGP_signature"
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAmKfYMMACgkQZWnYVadE vpPoSg/+M0JcLALh3iXZAQaMGvuFcK9Zdn4lQHvLSdxbKo/KU7sUE9v77kYC2gDq pJU8J77V0iubi76Xz1y1TNSZx7eM4HFiq9WhPsVMdE4jQCpQh6fGQjzPDrBK6qik nmre3apdEfeHAVxXSgnZXL9S9p1cxTEby/lAMMFCMosnR1EW2dCi/rkHLTQGDNVZ 097MV1Pi7eI8uO37F4bBtaZ+RgdlBvz+DNrURISfPypsVk1jpjvBMZA3hIlddRZ7 myzGbqlkkMc63o9hiQpq4uzn0ROQ28PPKzT+71jtmyBt4fLH9NpyhiXERb6HPfTk jM+PMaSpD2GqSN9CD7d0qYAY4/O3G/sbrSRVVPyASEh9a8NyF+8ElD2bhusUQDOh 9Wr7ZsslJtnfwSRp5st0q2aVlIOfv8tRteoxHerGccUfsL7iISqlttccV7hPA/u/ VQetGC/V8VG351vuvWMeJjIP8SlBFpJr8dzjhHZxp6VYYLR915syirnSGyLBHuvs t4f6CB9MAyjUJg47JqYZDF6D559+jcxRE/Y+mE9woov8xDCg2Z3ZFQl1ETJly0Fl qSZnpYxbFyR9NiyyweqPP2FcXlp7cR2CtePFnYG0CB/w43Ii/MDNzqwszi5gJN/s Qa1fsFFxA0q8u9gIGNvfju5UjXJlRPUsRi/NeVtPEFFV5GdLuoA= =OmB1 -----END PGP SIGNATURE-----
--------------qBlU06sfL2u2L5pdlOpoW3Zd--
--===============3688238331628568014== Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: base64 Content-Disposition: inline
Cg==
--===============3688238331628568014==--
|
|
|
|