Ubuntu alert USN-8192-2 (ntfs-3g)
| From: | noreply+usn-bot@canonical.com | |
| To: | ubuntu-security-announce@lists.ubuntu.com | |
| Subject: | [USN-8192-2] NTFS-3G vulnerabilities | |
| Date: | Mon, 27 Apr 2026 13:37:41 +0000 | |
| Message-ID: | <E1wHM9d-0003Np-3o@lists.ubuntu.com> |
========================================================================== Ubuntu Security Notice USN-8192-2 April 27, 2026 ntfs-3g vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: Summary: Several security issues were fixed in NTFS-3G. Software Description: Details: USN-8192-1 fixed vulnerabilities in NTFS-3G. This update provides the corresponding update to Ubuntu 26.04 LTS. Original advisory details: Jeffrey Bencteux discovered that NTFS-3G incorrectly handled certain UTF-8 sequences. An attacker could use this issue to cause NTFS-3G to crash, resulting in a denial of service, or to execute arbitrary code. This issue only affected Ubuntu 22.04 LTS and Ubuntu 24.04 LTS. (CVE-2023-52890) Andrea Bocchetti discovered that NTFS-3G incorrectly handled certain security descriptors. An attacker could use this issue to cause NTFS-3G to crash, resulting in a denial of service, or to execute arbitrary code. (CVE-2026-40706) Update instructions: The problem can be corrected by updating your system to the following package versions: In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-8192-2 https://ubuntu.com/security/notices/USN-8192-1 CVE-2026-40706
Attachment: signature.asc (type=application/pgp-signature)
-----BEGIN PGP SIGNATURE----- iQIzBAABCgAdFiEE+8neBLO2Hp/ppPlOcpJm3tlzhgEFAmnvWkMACgkQcpJm3tlz hgH4Jg/+NpT80F69OwgtQGdyczdS2Ti33RIYQU2kR5rUavWEh62ORrFKiLXrhFlA GKpcLKAXMXsLZcIzdJVOmDgdOgOOwKnSVEt348VAaPMLSWtkkOXd+HMLZEoKmfMs oGxKBCF00NLJ5v8vJiPVv5kSh/z9GO0ZVCw/bWVdjNmna3efnfurkM5a8COfXEtC pTjgf6tVflR3bZrFysm5aTWI6XES6ulxQ8I9aesCKSgVloGS0la3ZVv1sYC7/BaZ NC4Q4Z3oBbbRc0kzWYD/XgPbFjcM1+vbS3nCf//kB3othKh3i1Xn0+Kl5UeBjdT8 UfZ8dZiZ2LBflZmPiIntHI9LGffvi5rpn7f/9QeTWK0mQvIsAqstiXtY5XAmyW6P 52DVmsXuatGb+6by/ppPnGFEpeRru1phYliwZO6xMj+UIhgWWHzyB5WxL+HxPRQv uo3zAFgXFN5iK6dOqIK8OrH2O9XmEGJ4MFR/ksKLRyu3dl5sXg99TrcSEYWoR9f2 FoU9QUXKb3odCvbxm23hziOOc2CKTDF9TwDvck7St5rhp3YZp6gar+3xWBPfagci 7jcMg5XSbfhAS2eojRI12xKAUN56LGUEcN2/ElF2a58A4JNUpdctMYMYc6zH+XM9 xqOTvkaVkXLE0881sUDoZPqLnpLgFdNlYOa3GGHyocn+ZcfMnMY= =WBQa -----END PGP SIGNATURE-----