Ukukhishwa kwephrojekthi ye-NTFS-3G 2022.5.17, ethuthukisa umshayeli kanye nesethi yezinsiza zokusebenza nesistimu yefayela ye-NTFS endaweni yomsebenzisi, kuqede ubuthakathaka obuyi-8 obukuvumela ukuthi uphakamise amalungelo akho ohlelweni. Izinkinga zibangelwa ukuntuleka kokuhlola okufanele lapho ucubungula izinketho zomugqa womyalo nalapho usebenza nemethadatha kuma-partitions we-NTFS.
- I-CVE-2022-30783, CVE-2022-30785, CVE-2022-30787 - ubungozi kumshayeli we-NTFS-3G ohlanganiswe nelabhulali ye-libfuse eyakhelwe ngaphakathi (libfuse-lite) noma nelabhulali yesistimu ye-libfuse2. Umhlaseli angakwazi ukusebenzisa ikhodi engafanele enamalungelo ezimpande ngokukhohlisa izinketho zomugqa womyalo uma ekwazi ukufinyelela ifayela elisebenzisekayo le-ntfs-3g elinikezwe ifulegi lempande ye-suid. I-prototype esebenzayo yokuxhashazwa yaboniswa ngobungozi.
- I-CVE-2021-46790, CVE-2022-30784, CVE-2022-30786, CVE-2022-30788, CVE-2022-30789 - ubungozi bekhodi yokudlulisa imethadatha kuma-partitions we-NTFS, okuholela ekuphuphumeni okufanele amasheke . Ukuhlasela kungenziwa lapho kucutshungulwa ukwahlukanisa kwe-NTFS-3G okulungiselelwe umhlaseli. Isibonelo, uma umsebenzisi ekhweza idrayivu elungiselelwe umhlaseli, noma lapho umhlaseli enokufinyelela okungalungile kwasendaweni kusistimu. Uma isistimu ilungiselelwe ukuthi ikhweze ngokuzenzakalelayo izingxenye ze-NTFS kumadrayivu angaphandle, okudingekayo ukuze uhlasele ukuxhuma i-USB Flash nge-partition eklanywe ngokukhethekile kukhompuyutha. Ukuxhashazwa okusebenzayo kwalokhu kuba sengozini akukakaboniswa.
Source: opennet.ru