[Buildroot] [PATCH] package/ntfs-3g: add upstream security fix for CVE-2019-9755
Thomas Petazzoni
thomas.petazzoni at bootlin.com
Tue Feb 4 22:20:08 UTC 2020
On Tue, 4 Feb 2020 16:50:31 +0100
Peter Korsgaard <peter at korsgaard.com> wrote:
> Fixes CVE-2019-9755: An integer underflow issue exists in ntfs-3g 2017.3.23.
> A local attacker could potentially exploit this by running /bin/ntfs-3g with
> specially crafted arguments from a specially crafted directory to cause a
> heap buffer overflow, resulting in a crash or the ability to execute
> arbitrary code. In installations where /bin/ntfs-3g is a setuid-root
> binary, this could lead to a local escalation of privileges.
>
> Signed-off-by: Peter Korsgaard <peter at korsgaard.com>
> ---
> ...an-error-when-failed-to-build-the-mo.patch | 72 +++++++++++++++++++
> 1 file changed, 72 insertions(+)
> create mode 100644 package/ntfs-3g/0001-Fixed-reporting-an-error-when-failed-to-build-the-mo.patch
Applied to master, thanks.
Thomas
--
Thomas Petazzoni, CTO, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com
More information about the buildroot
mailing list