OPENSUSE-SU-2021:2971-1 (SUSE)
Sep 07, 2021 - 12:00 a.m.

Security update for ntfs-3g_ntfsprogs (important)

2021-09-07 00:00:00
lists.opensuse.org

CVSS3: 7.8 High

  • Attack Vector: LOCAL
  • Attack Complexity: LOW
  • Privileges Required: LOW
  • User Interaction: NONE
  • Scope: UNCHANGED
  • Confidentiality Impact: HIGH
  • Integrity Impact: HIGH
  • Availability Impact: HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS2: 6.9 Medium

  • Access Vector: LOCAL
  • Access Complexity: MEDIUM
  • Authentication: NONE
  • Confidentiality Impact: COMPLETE
  • Integrity Impact: COMPLETE
  • Availability Impact: COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

An update that fixes 21 vulnerabilities is now available.

Description:

This update for ntfs-3g_ntfsprogs fixes the following issues:

Update to version 2021.8.22 (bsc#1189720):

  • Fixed compile error when building with libfuse < 2.8.0
  • Fixed obsolete macros in configure.ac
  • Signalled support of UTIME_OMIT to external libfuse2
  • Fixed an improper macro usage in ntfscp.c
  • Updated the repository change in the README
  • Fixed vulnerability threats caused by maliciously tampered NTFS
    partitions
  • Security fixes: CVE-2021-33285, CVE-2021-33286, CVE-2021-33287,
    CVE-2021-33289, CVE-2021-35266, CVE-2021-35267, CVE-2021-35268,
    CVE-2021-35269, CVE-2021-39251, CVE-2021-39252, CVE-2021-39253,
    CVE-2021-39254, CVE-2021-39255, CVE-2021-39256, CVE-2021-39257,
    CVE-2021-39258, CVE-2021-39259, CVE-2021-39260, CVE-2021-39261,
    CVE-2021-39262, CVE-2021-39263.
  • Library soversion is now 89
  • Changes in version 2017.3.23
  • Delegated processing of special reparse points to external plugins
  • Allowed kernel caching by lowntfs-3g when not using Posix ACLs
  • Enabled fallback to read-only mount when the volume is hibernated
  • Made a full check for whether an extended attribute is allowed
  • Moved secaudit and usermap to ntfsprogs (now ntfssecaudit and
    ntfsusermap)
  • Enabled encoding broken UTF-16 into broken UTF-8
  • Autoconfigured selecting <sys/sysmacros.h> vs <sys/mkdev>
  • Allowed using the full library API on systems without extended
    attributes support
  • Fixed DISABLE_PLUGINS as the condition for not using plugins
  • Corrected validation of multi sector transfer protected records
  • Denied creating/removing files from $Extend
  • Returned the size of locale encoded target as the size of symlinks

Patch Instructions:

To install this openSUSE Security Update, use the SUSE recommended installation methods
like YaST online_update or “zypper patch”.

Alternatively you can run the command listed for your product:

  • openSUSE Leap 15.3:

    zypper in -t patch openSUSE-SLE-15.3-2021-2971=1

OS, Version, Architecture:

  • openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64)
