Lucene search

K
suseSuseOPENSUSE-SU-2021:1244-1
HistorySep 09, 2021 - 12:00 a.m.

Security update for ntfs-3g_ntfsprogs (important)

2021-09-0900:00:00
lists.opensuse.org
33

0.001 Low

EPSS

Percentile

36.5%

An update that fixes 21 vulnerabilities is now available.

Description:

This update for ntfs-3g_ntfsprogs fixes the following issues:

Update to version 2021.8.22 (bsc#1189720):

  • Fixed compile error when building with libfuse < 2.8.0
  • Fixed obsolete macros in configure.ac
  • Signalled support of UTIME_OMIT to external libfuse2
  • Fixed an improper macro usage in ntfscp.c
  • Updated the repository change in the README
  • Fixed vulnerability threats caused by maliciously tampered NTFS
    partitions
  • Security fixes: CVE-2021-33285, CVE-2021-33286, CVE-2021-33287,
    CVE-2021-33289, CVE-2021-35266, CVE-2021-35267, CVE-2021-35268,
    CVE-2021-35269, CVE-2021-39251, CVE-2021-39252, CVE-2021-39253,
    CVE_2021-39254, CVE-2021-39255, CVE-2021-39256, CVE-2021-39257,
    CVE-2021-39258, CVE-2021-39259, CVE-2021-39260, CVE-2021-39261,
    CVE-2021-39262, CVE-2021-39263.
  • Library soversion is now 89
  • Changes in version 2017.3.23
  • Delegated processing of special reparse points to external plugins
  • Allowed kernel cacheing by lowntfs-3g when not using Posix ACLs
  • Enabled fallback to read-only mount when the volume is hibernated
  • Made a full check for whether an extended attribute is allowed
  • Moved secaudit and usermap to ntfsprogs (now ntfssecaudit and
    ntfsusermap)
  • Enabled encoding broken UTF-16 into broken UTF-8
  • Autoconfigured selecting <sys/sysmacros.h> vs <sys/mkdev>
  • Allowed using the full library API on systems without extended
    attributes support
  • Fixed DISABLE_PLUGINS as the condition for not using plugins
  • Corrected validation of multi sector transfer protected records
  • Denied creating/removing files from $Extend
  • Returned the size of locale encoded target as the size of symlinks

This update was imported from the SUSE:SLE-15:Update update project.

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or β€œzypper patch”.

Alternatively you can run the command listed for your product:

  • openSUSE Leap 15.2:

    zypper in -t patch openSUSE-2021-1244=1

OSVersionArchitecturePackageVersionFilename
openSUSE Leap15.2i586<Β - openSUSE Leap 15.2 (i586 x86_64):- openSUSE Leap 15.2 (i586 x86_64):.i586.rpm
openSUSE Leap15.2x86_64<Β - openSUSE Leap 15.2 (i586 x86_64):- openSUSE Leap 15.2 (i586 x86_64):.x86_64.rpm