ELA-1197-1 ntfs-3g security update

use-after-free

2024-10-04

Package	ntfs-3g
Version	1:2016.2.22AR.1+dfsg-1+deb9u5 (stretch), 1:2017.3.23AR.3-4+deb11u4~deb10u1 (buster)
Related CVEs	CVE-2023-52890

Use-after-free in ntfs_uppercase_mbs() has been fixed in ntfs-3g, a read/write driver for the NTFS filesystem.

For Debian 10 buster, these problems have been fixed in version 1:2017.3.23AR.3-4+deb11u4~deb10u1.

For Debian 9 stretch, these problems have been fixed in version 1:2016.2.22AR.1+dfsg-1+deb9u5.

We recommend that you upgrade your ntfs-3g packages.

Further information about Extended LTS security advisories can be found in the dedicated section of our website.