14 DAY TRIAL // Details about an NTFS-3G vulnerability that has been found and fixed in Ubuntu 15.04 (Vivid Vervet) have been published by Canonical in a security notice.
The Ubuntu maintainers have upgraded the ntfs-3g packages in order to correct a small problem. As it turns out, NTFS-3G could have been made to overwrite files as the administrator.
"USN-2617-1 fixed a vulnerability in FUSE. This update provides the corresponding fix for the embedded FUSE copy in NTFS-3G. Tavis Ormandy discovered that FUSE incorrectly filtered environment variables. A local attacker could use this issue to gain administrative privileges," reads the security notice.
For a more detailed description of the problems, you can see Canonical's security notification. Users have been advised to upgrade their systems as soon as possible, although this is not a major problem
The flaws can be fixed if you upgrade your system to the latest ntfs-3g package. To apply the patch, users will have to run the Update Manager application. In general, a standard system update will make all the necessary changes, and there is no need for a restart.
You can also use the terminal and enter the following commands (you will need to be root in order to make it work):
sudo apt-get dist-upgrade