openSUSE Security Update: Security update for ntfs-3g_ntfsprogs
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2021:2971-1
Rating:             important
References:         #1189720 
Cross-References:   CVE-2019-9755 CVE-2021-33285 CVE-2021-33286
                    CVE-2021-33287 CVE-2021-33289 CVE-2021-35266
                    CVE-2021-35267 CVE-2021-35268 CVE-2021-35269
                    CVE-2021-39251 CVE-2021-39252 CVE-2021-39253
                    CVE-2021-39255 CVE-2021-39256 CVE-2021-39257
                    CVE-2021-39258 CVE-2021-39259 CVE-2021-39260
                    CVE-2021-39261 CVE-2021-39262 CVE-2021-39263
                   
CVSS scores:
                    CVE-2019-9755 (NVD) : 7 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2019-9755 (SUSE): 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected Products:
                    openSUSE Leap 15.3
______________________________________________________________________________

   An update that fixes 21 vulnerabilities is now available.

Description:

   This update for ntfs-3g_ntfsprogs fixes the following issues:

   Update to version 2021.8.22 (bsc#1189720):

   * Fixed compile error when building with libfuse < 2.8.0
   * Fixed obsolete macros in configure.ac
   * Signalled support of UTIME_OMIT to external libfuse2
   * Fixed an improper macro usage in ntfscp.c
   * Updated the repository change in the README
   * Fixed vulnerability threats caused by maliciously tampered NTFS
     partitions
   * Security fixes: CVE-2021-33285, CVE-2021-33286, CVE-2021-33287,
     CVE-2021-33289, CVE-2021-35266, CVE-2021-35267, CVE-2021-35268,
     CVE-2021-35269, CVE-2021-39251, CVE-2021-39252, CVE-2021-39253,
     CVE_2021-39254, CVE-2021-39255, CVE-2021-39256, CVE-2021-39257,
     CVE-2021-39258, CVE-2021-39259, CVE-2021-39260, CVE-2021-39261,
     CVE-2021-39262, CVE-2021-39263.

   - Library soversion is now 89

   * Changes in version 2017.3.23
   * Delegated processing of special reparse points to external plugins
   * Allowed kernel cacheing by lowntfs-3g when not using Posix ACLs
   * Enabled fallback to read-only mount when the volume is hibernated
   * Made a full check for whether an extended attribute is allowed
   * Moved secaudit and usermap to ntfsprogs (now ntfssecaudit and
     ntfsusermap)
   * Enabled encoding broken UTF-16 into broken UTF-8
   * Autoconfigured selecting  vs 
   * Allowed using the full library API on systems without extended
     attributes support
   * Fixed DISABLE_PLUGINS as the condition for not using plugins
   * Corrected validation of multi sector transfer protected records
   * Denied creating/removing files from $Extend
   * Returned the size of locale encoded target as the size of symlinks


Patch Instructions:

   To install this openSUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - openSUSE Leap 15.3:

      zypper in -t patch openSUSE-SLE-15.3-2021-2971=1



Package List:

   - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):

      libntfs-3g-devel-2021.8.22-3.8.1
      libntfs-3g87-2021.8.22-3.8.1
      libntfs-3g87-debuginfo-2021.8.22-3.8.1
      ntfs-3g-2021.8.22-3.8.1
      ntfs-3g-debuginfo-2021.8.22-3.8.1
      ntfs-3g_ntfsprogs-debuginfo-2021.8.22-3.8.1
      ntfs-3g_ntfsprogs-debugsource-2021.8.22-3.8.1
      ntfsprogs-2021.8.22-3.8.1
      ntfsprogs-debuginfo-2021.8.22-3.8.1
      ntfsprogs-extra-2021.8.22-3.8.1
      ntfsprogs-extra-debuginfo-2021.8.22-3.8.1


References:

   https://www.suse.com/security/cve/CVE-2019-9755.html
   https://www.suse.com/security/cve/CVE-2021-33285.html
   https://www.suse.com/security/cve/CVE-2021-33286.html
   https://www.suse.com/security/cve/CVE-2021-33287.html
   https://www.suse.com/security/cve/CVE-2021-33289.html
   https://www.suse.com/security/cve/CVE-2021-35266.html
   https://www.suse.com/security/cve/CVE-2021-35267.html
   https://www.suse.com/security/cve/CVE-2021-35268.html
   https://www.suse.com/security/cve/CVE-2021-35269.html
   https://www.suse.com/security/cve/CVE-2021-39251.html
   https://www.suse.com/security/cve/CVE-2021-39252.html
   https://www.suse.com/security/cve/CVE-2021-39253.html
   https://www.suse.com/security/cve/CVE-2021-39255.html
   https://www.suse.com/security/cve/CVE-2021-39256.html
   https://www.suse.com/security/cve/CVE-2021-39257.html
   https://www.suse.com/security/cve/CVE-2021-39258.html
   https://www.suse.com/security/cve/CVE-2021-39259.html
   https://www.suse.com/security/cve/CVE-2021-39260.html
   https://www.suse.com/security/cve/CVE-2021-39261.html
   https://www.suse.com/security/cve/CVE-2021-39262.html
   https://www.suse.com/security/cve/CVE-2021-39263.html
   https://bugzilla.suse.com/1189720

openSUSE: 2021:2971-1 important: ntfs-3g_ntfsprogs

September 7, 2021
An update that fixes 21 vulnerabilities is now available

Description

This update for ntfs-3g_ntfsprogs fixes the following issues: Update to version 2021.8.22 (bsc#1189720): * Fixed compile error when building with libfuse < 2.8.0 * Fixed obsolete macros in configure.ac * Signalled support of UTIME_OMIT to external libfuse2 * Fixed an improper macro usage in ntfscp.c * Updated the repository change in the README * Fixed vulnerability threats caused by maliciously tampered NTFS partitions * Security fixes: CVE-2021-33285, CVE-2021-33286, CVE-2021-33287, CVE-2021-33289, CVE-2021-35266, CVE-2021-35267, CVE-2021-35268, CVE-2021-35269, CVE-2021-39251, CVE-2021-39252, CVE-2021-39253, CVE_2021-39254, CVE-2021-39255, CVE-2021-39256, CVE-2021-39257, CVE-2021-39258, CVE-2021-39259, CVE-2021-39260, CVE-2021-39261, CVE-2021-39262, CVE-2021-39263. - Library soversion is now 89 * Changes in version 2017.3.23 * Delegated processing of special reparse points to external plugins * Allowed kernel cacheing by lowntfs-3g when not using Posix ACLs * Enabled fallback to read-only mount when the volume is hibernated * Made a full check for whether an extended attribute is allowed * Moved secaudit and usermap to ntfsprogs (now ntfssecaudit and ntfsusermap) * Enabled encoding broken UTF-16 into broken UTF-8 * Autoconfigured selecting vs * Allowed using the full library API on systems without extended attributes support * Fixed DISABLE_PLUGINS as the condition for not using plugins * Corrected validation of multi sector transfer protected records * Denied creating/removing files from $Extend * Returned the size of locale encoded target as the size of symlinks

 

Patch

Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2021-2971=1


Package List

- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): libntfs-3g-devel-2021.8.22-3.8.1 libntfs-3g87-2021.8.22-3.8.1 libntfs-3g87-debuginfo-2021.8.22-3.8.1 ntfs-3g-2021.8.22-3.8.1 ntfs-3g-debuginfo-2021.8.22-3.8.1 ntfs-3g_ntfsprogs-debuginfo-2021.8.22-3.8.1 ntfs-3g_ntfsprogs-debugsource-2021.8.22-3.8.1 ntfsprogs-2021.8.22-3.8.1 ntfsprogs-debuginfo-2021.8.22-3.8.1 ntfsprogs-extra-2021.8.22-3.8.1 ntfsprogs-extra-debuginfo-2021.8.22-3.8.1


References

https://www.suse.com/security/cve/CVE-2019-9755.html https://www.suse.com/security/cve/CVE-2021-33285.html https://www.suse.com/security/cve/CVE-2021-33286.html https://www.suse.com/security/cve/CVE-2021-33287.html https://www.suse.com/security/cve/CVE-2021-33289.html https://www.suse.com/security/cve/CVE-2021-35266.html https://www.suse.com/security/cve/CVE-2021-35267.html https://www.suse.com/security/cve/CVE-2021-35268.html https://www.suse.com/security/cve/CVE-2021-35269.html https://www.suse.com/security/cve/CVE-2021-39251.html https://www.suse.com/security/cve/CVE-2021-39252.html https://www.suse.com/security/cve/CVE-2021-39253.html https://www.suse.com/security/cve/CVE-2021-39255.html https://www.suse.com/security/cve/CVE-2021-39256.html https://www.suse.com/security/cve/CVE-2021-39257.html https://www.suse.com/security/cve/CVE-2021-39258.html https://www.suse.com/security/cve/CVE-2021-39259.html https://www.suse.com/security/cve/CVE-2021-39260.html https://www.suse.com/security/cve/CVE-2021-39261.html https://www.suse.com/security/cve/CVE-2021-39262.html https://www.suse.com/security/cve/CVE-2021-39263.html https://bugzilla.suse.com/1189720


Severity
Announcement ID: openSUSE-SU-2021:2971-1
Rating: important
Affected Products: openSUSE Leap 15.3 .

Related News

24.Key Code Esm H320
2 - 3 min read
The Akira ransomware group has extorted approximately $42 million from over 250 victims since January 1, 2024. The group initially focused on
5.ShakingHands Esm H320
2 - 3 min read
At The Linux Foundation's Open Source Summit North America , Linus Torvalds, the creator of Linux, discussed various topics related to Linux
30.Lock Globe Motherboard Esm H320
1 - 2 min read
The SPDX 3.0 release marks a significant milestone in software management, particularly for Linux admins, infosec professionals, internet security
11.Locks IsometricPattern Esm H320
2 - 3 min read
Open Source maintainers and developers have been warned about the continued wave of attacks aimed at project maintainers similar to those recently
28.Lock Globe Esm H320
1 - 2 min read
A resurgence of cyberattacks targeting Linux systems in Asian campaigns through the utilization of the Pupy Remote Access Trojan (RAT) has been
27.Tablet Connections Blocks Lock Esm H320
2 - 4 min read
Canonical has recently announced the Beta release of Ubuntu Linux 24.04 LTS , codenamed "Noble Numbat." This release aims to continue Ubuntu's
21.Globe RadiatingCode Esm H320
2 - 3 min read
The open-source movement has come a long way, from its origins in the 1960s and 1970s to becoming an integral part of organizations worldwide.
13.Lock StylizedMotherboard Esm H320
2 - 3 min read
The Rust-based Edera project demonstrates a unique approach to container security that addresses cloud-native computing challenges. Let's examine
Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved