An update that fixes 21 vulnerabilities is now available.
Description:
This update for ntfs-3g_ntfsprogs fixes the following issues:
Update to version 2021.8.22 (bsc#1189720):
- Fixed compile error when building with libfuse < 2.8.0
- Fixed obsolete macros in configure.ac
- Signalled support of UTIME_OMIT to external libfuse2
- Fixed an improper macro usage in ntfscp.c
- Updated the repository change in the README
- Fixed vulnerability threats caused by maliciously tampered NTFS
partitions
- Security fixes: CVE-2021-33285, CVE-2021-33286, CVE-2021-33287,
CVE-2021-33289, CVE-2021-35266, CVE-2021-35267, CVE-2021-35268,
CVE-2021-35269, CVE-2021-39251, CVE-2021-39252, CVE-2021-39253,
CVE_2021-39254, CVE-2021-39255, CVE-2021-39256, CVE-2021-39257,
CVE-2021-39258, CVE-2021-39259, CVE-2021-39260, CVE-2021-39261,
CVE-2021-39262, CVE-2021-39263.
- Library soversion is now 89
- Changes in version 2017.3.23
- Delegated processing of special reparse points to external plugins
- Allowed kernel cacheing by lowntfs-3g when not using Posix ACLs
- Enabled fallback to read-only mount when the volume is hibernated
- Made a full check for whether an extended attribute is allowed
- Moved secaudit and usermap to ntfsprogs (now ntfssecaudit and
ntfsusermap)
- Enabled encoding broken UTF-16 into broken UTF-8
- Autoconfigured selecting <sys/sysmacros.h> vs <sys/mkdev>
- Allowed using the full library API on systems without extended
attributes support
- Fixed DISABLE_PLUGINS as the condition for not using plugins
- Corrected validation of multi sector transfer protected records
- Denied creating/removing files from $Extend
- Returned the size of locale encoded target as the size of symlinks
This update was imported from the SUSE:SLE-15:Update update project.
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or “zypper patch”.
Alternatively you can run the command listed for your product: