|Version||1:2014.2.15AR.2-1+deb8u7 (jessie), 1:2016.2.22AR.1+dfsg-1+deb9u4 (stretch)|
Yuchen Zeng and Eduardo Vela discovered a buffer overflow in NTFS-3G, a read-write NTFS driver for FUSE, due to incorrect validation of some of the NTFS metadata. A local user can take advantage of this flaw for local root privilege escalation.
For Debian 8 jessie, these problems have been fixed in version 1:2014.2.15AR.2-1+deb8u7.
For Debian 9 stretch, these problems have been fixed in version 1:2016.2.22AR.1+dfsg-1+deb9u4.
We recommend that you upgrade your ntfs-3g packages.
Further information about Extended LTS security advisories can be found at: debian Extended Long term support