package/ntfs-3g: security bump to version 2022.10.3 (6facb6fa) · Commits · Infra Solutions / Reference Design / platsw / buildroot

Commit 6facb6fa authored Nov 12, 2022 by Fabrice Fontaine Committed by Thomas Petazzoni Nov 13, 2022

Fix CVE-2022-40284: A buffer overflow was discovered in NTFS-3G before
2022.10.3. Crafted metadata in an NTFS image can cause code execution. A
local attacker can exploit this if the ntfs-3g binary is setuid root. A
physically proximate attacker can exploit this if NTFS-3G software is
configured to execute upon attachment of an external storage device.

https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-v4w8-jv3w-7prm
https://github.com/tuxera/ntfs-3g/releases/tag/2022.10.3

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

parent 2f0e82c4

Please register or to comment