[Buildroot] [PATCH] package/ntfs-3g: add upstream security fix for CVE-2019-9755

Peter Korsgaard peter at korsgaard.com
Tue Mar 10 20:59:16 UTC 2020


>>>>> "Peter" == Peter Korsgaard <peter at korsgaard.com> writes:

 > Fixes CVE-2019-9755: An integer underflow issue exists in ntfs-3g 2017.3.23.
 > A local attacker could potentially exploit this by running /bin/ntfs-3g with
 > specially crafted arguments from a specially crafted directory to cause a
 > heap buffer overflow, resulting in a crash or the ability to execute
 > arbitrary code.  In installations where /bin/ntfs-3g is a setuid-root
 > binary, this could lead to a local escalation of privileges.

 > Signed-off-by: Peter Korsgaard <peter at korsgaard.com>

Committed to 2019.02.x and 2019.11.x, thanks.

-- 
Bye, Peter Korsgaard


More information about the buildroot mailing list