openSUSE Security Update: Security update for ntfs-3g_ntfsprogs ______________________________________________________________________________
Announcement ID: openSUSE-SU-2021:1244-1 Rating: important References: #1189720 Cross-References: CVE-2019-9755 CVE-2021-33285 CVE-2021-33286 CVE-2021-33287 CVE-2021-33289 CVE-2021-35266 CVE-2021-35267 CVE-2021-35268 CVE-2021-35269 CVE-2021-39251 CVE-2021-39252 CVE-2021-39253 CVE-2021-39255 CVE-2021-39256 CVE-2021-39257 CVE-2021-39258 CVE-2021-39259 CVE-2021-39260 CVE-2021-39261 CVE-2021-39262 CVE-2021-39263
CVSS scores: CVE-2019-9755 (NVD) : 7 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2019-9755 (SUSE): 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Affected Products: openSUSE Leap 15.2 ______________________________________________________________________________
An update that fixes 21 vulnerabilities is now available.
Description:
This update for ntfs-3g_ntfsprogs fixes the following issues:
Update to version 2021.8.22 (bsc#1189720):
* Fixed compile error when building with libfuse < 2.8.0 * Fixed obsolete macros in configure.ac * Signalled support of UTIME_OMIT to external libfuse2 * Fixed an improper macro usage in ntfscp.c * Updated the repository change in the README * Fixed vulnerability threats caused by maliciously tampered NTFS partitions * Security fixes: CVE-2021-33285, CVE-2021-33286, CVE-2021-33287, CVE-2021-33289, CVE-2021-35266, CVE-2021-35267, CVE-2021-35268, CVE-2021-35269, CVE-2021-39251, CVE-2021-39252, CVE-2021-39253, CVE_2021-39254, CVE-2021-39255, CVE-2021-39256, CVE-2021-39257, CVE-2021-39258, CVE-2021-39259, CVE-2021-39260, CVE-2021-39261, CVE-2021-39262, CVE-2021-39263.
- Library soversion is now 89
* Changes in version 2017.3.23 * Delegated processing of special reparse points to external plugins * Allowed kernel cacheing by lowntfs-3g when not using Posix ACLs * Enabled fallback to read-only mount when the volume is hibernated * Made a full check for whether an extended attribute is allowed * Moved secaudit and usermap to ntfsprogs (now ntfssecaudit and ntfsusermap) * Enabled encoding broken UTF-16 into broken UTF-8 * Autoconfigured selecting <sys/sysmacros.h> vs <sys/mkdev> * Allowed using the full library API on systems without extended attributes support * Fixed DISABLE_PLUGINS as the condition for not using plugins * Corrected validation of multi sector transfer protected records * Denied creating/removing files from $Extend * Returned the size of locale encoded target as the size of symlinks
This update was imported from the SUSE:SLE-15:Update update project.
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.2:
zypper in -t patch openSUSE-2021-1244=1
Package List:
- openSUSE Leap 15.2 (i586 x86_64):
libntfs-3g-devel-2021.8.22-lp152.5.3.1 libntfs-3g87-2021.8.22-lp152.5.3.1 libntfs-3g87-debuginfo-2021.8.22-lp152.5.3.1 ntfs-3g-2021.8.22-lp152.5.3.1 ntfs-3g-debuginfo-2021.8.22-lp152.5.3.1 ntfs-3g_ntfsprogs-debuginfo-2021.8.22-lp152.5.3.1 ntfs-3g_ntfsprogs-debugsource-2021.8.22-lp152.5.3.1 ntfsprogs-2021.8.22-lp152.5.3.1 ntfsprogs-debuginfo-2021.8.22-lp152.5.3.1 ntfsprogs-extra-2021.8.22-lp152.5.3.1 ntfsprogs-extra-debuginfo-2021.8.22-lp152.5.3.1
References:
https://www.suse.com/security/cve/CVE-2019-9755.html https://www.suse.com/security/cve/CVE-2021-33285.html https://www.suse.com/security/cve/CVE-2021-33286.html https://www.suse.com/security/cve/CVE-2021-33287.html https://www.suse.com/security/cve/CVE-2021-33289.html https://www.suse.com/security/cve/CVE-2021-35266.html https://www.suse.com/security/cve/CVE-2021-35267.html https://www.suse.com/security/cve/CVE-2021-35268.html https://www.suse.com/security/cve/CVE-2021-35269.html https://www.suse.com/security/cve/CVE-2021-39251.html https://www.suse.com/security/cve/CVE-2021-39252.html https://www.suse.com/security/cve/CVE-2021-39253.html https://www.suse.com/security/cve/CVE-2021-39255.html https://www.suse.com/security/cve/CVE-2021-39256.html https://www.suse.com/security/cve/CVE-2021-39257.html https://www.suse.com/security/cve/CVE-2021-39258.html https://www.suse.com/security/cve/CVE-2021-39259.html https://www.suse.com/security/cve/CVE-2021-39260.html https://www.suse.com/security/cve/CVE-2021-39261.html https://www.suse.com/security/cve/CVE-2021-39262.html https://www.suse.com/security/cve/CVE-2021-39263.html https://bugzilla.suse.com/1189720
security-announce@lists.opensuse.org