NTFS-3G: Multiple Vulnerabilities — GLSA 202301-01

Multiple vulnerabilities have been found in NTFS-3G, the worst of which could result in arbitrary code execution.

Affected packages

Background

NTFS-3G is a stable, full-featured, read-write NTFS driver for various operating systems.

Description

Multiple vulnerabilities have been discovered in NTFS-3G. Please review the CVE identifiers referenced below for details.

Impact

Please review the referenced CVE identifiers for details.

Workaround

There is no known workaround at this time.

Resolution

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=sys-fs/ntfs3g-2022.10.3"
 

References

• CVE-2021-33285
• CVE-2021-33286
• CVE-2021-33287
• CVE-2021-33289
• CVE-2021-35266
• CVE-2021-35267
• CVE-2021-35268
• CVE-2021-35269
• CVE-2021-39251
• CVE-2021-39252
• CVE-2021-39253
• CVE-2021-39254
• CVE-2021-39255
• CVE-2021-39256
• CVE-2021-39257
• CVE-2021-39258
• CVE-2021-39259
• CVE-2021-39260
• CVE-2021-39261
• CVE-2021-39262
• CVE-2021-39263
• CVE-2022-30783
• CVE-2022-30784
• CVE-2022-30785
• CVE-2022-30786
• CVE-2022-30787
• CVE-2022-30788
• CVE-2022-30789
• CVE-2022-40284

Release date
January 11, 2023

Latest revision
January 11, 2023: 1

Severity
high

Exploitable
remote

Bugzilla entries

• 878885
• 847598
• 811156