Alerts This Week
Warning Icon 1 714
Alerts This Week
Warning Icon 1 714

Fedora 34: 2021-09-04 Moderate Update for NTFS-3G Buffer Overflow

fedora
Calendar Grey September 4, 2021
Dist Fedora Esm H88
Patch release for Fedora 34 focusing on resolving various problems related to NTFS-3G compression capabilities and enhancing overall security measures.
Update NTFS-3G to 2021.8.22 to fix multiple CVEs ---- New upstream development version 1.45.7

Summary

System compression, also known as "Compact OS", is a Windows feature that

allows rarely modified files to be compressed using the XPRESS or LZX

compression formats. It is not built directly into NTFS but rather is

implemented using reparse points. This feature appeared in Windows 10 and it

appears that many Windows 10 systems have been using it by default.

This RPM contains a plugin which enables the NTFS-3G FUSE driver to

transparently read from system-compressed files. Currently, only reading is

supported. Compressing an existing file may be done by using the "compact"

utility on Windows.

Update NTFS-3G to 2021.8.22 to fix multiple CVEs ---- New upstream development

version 1.45.7. ---- Upstream patch to work with qemu 6.1 (RHBZ#1998820)

* Tue Aug 31 2021 Richard W.M. Jones - 1.0-7

- Rebuild for updated ntfs-3g CVE (RHBZ#1999788)

* Thu Jul 22 2021 Fedora Release Engineering - 1.0-6

- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild

[ 1 ] Bug #1998820 - libguestfs breaks with qemu 6.1 with error "Backing file specified without backing format"

https://bugzilla.redhat.com/show_bug.cgi?id=1998820

[ 2 ] Bug #1999788 - ntfs-3g: Multiple buffer overflows in all versions [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1999788

[ 3 ] Bug #1999869 - ntfs-3g-2021.8.22 is available

https://bugzilla.redhat.com/show_bug.cgi?id=1999869

su -c 'dnf upgrade --advisory FEDORA-2021-c0235d9d79' at the command

line. For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/

List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines

List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/

Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure

Topics%20covered

Topics Covered

security advisory moderate buffer overflow software update Fedora NTFS-3G system compression

Change Log

References

Update Instructions

Severity
important
Lowest
Low
Medium
High
Critical

Product: Fedora 34
Version: 1.0
Release: 7.fc34
URL: https://github.com/ebiggers/ntfs-3g-system-compression
Summary: NTFS-3G plugin for reading "system compressed" files

Topics%20covered

Topics Covered

security advisory moderate buffer overflow software update Fedora NTFS-3G system compression

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here