SUSE-SU-2021:2965-1

Source
https://www.suse.com/support/update/announcement/2021/suse-su-20212965-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2021:2965-1.json
JSON Data
https://api.osv.dev/v1/vulns/SUSE-SU-2021:2965-1
Related
Published
2021-09-07T07:48:15Z
Modified
2021-09-07T07:48:15Z
Summary
Security update for ntfs-3g_ntfsprogs
Details

This update for ntfs-3g_ntfsprogs fixes the following issues:

Update to version 2021.8.22 (bsc#1189720):

  • Signalled support of UTIME_OMIT to external libfuse2
  • Updated the repository change in the README
  • Fixed vulnerability threats caused by maliciously tampered NTFS partitions
  • Security fixes: CVE-2021-33285, CVE-2021-33286, CVE-2021-33287, CVE-2021-33289, CVE-2021-35266, CVE-2021-35267, CVE-2021-35268, CVE-2021-35269, CVE-2021-39251, CVE-2021-39252, CVE-2021-39253, CVE_2021-39254, CVE-2021-39255, CVE-2021-39256, CVE-2021-39257, CVE-2021-39258, CVE-2021-39259, CVE-2021-39260, CVE-2021-39261, CVE-2021-39262, CVE-2021-39263.

Changes in version 2017.3.23:

  • Delegated processing of special reparse points to external plugins
  • Allowed kernel cacheing by lowntfs-3g when not using Posix ACLs
  • Enabled fallback to read-only mount when the volume is hibernated
  • Made a full check for whether an extended attribute is allowed
  • Moved secaudit and usermap to ntfsprogs (now ntfssecaudit and ntfsusermap)
  • Enabled encoding broken UTF-16 into broken UTF-8
  • Autoconfigured selecting <sys/sysmacros.h> vs <sys/mkdev>
  • Allowed using the full library API on systems without extended attributes support
  • Fixed DISABLE_PLUGINS as the condition for not using plugins
  • Corrected validation of multi sector transfer protected records
  • Denied creating/removing files from $Extend
  • Returned the size of locale encoded target as the size of symlinks

Changes in version 2016.2.22:

  • Changes to NTFS-3G driver:

    • Write as much data as possible in compressed attribute pwrite
    • Fixed getting space for making an index non resident
    • Alleviated constraints relative to reparse points
    • Fixed special case of decompressing a runlist
    • Fixed returning the trimming count to fstrim()
    • Fixed the range of valid subauthority counts in a SID
    • Updated the read-only flag even when the security attribute was cached
    • Defended against reusing data from an invalid MFT record
    • Simplified NTFS ACLs when group same as owner and same permission as world
    • Packed/unpacked st_rdev transported as 32-bits on Solaris 64-bits
    • Zero uninitialized bytes before writing compressed data
    • Clear the environment when starting mount or umount
    • Implemented rewinding a directory in lowntfs-3g
    • Use incremental offsets when reading a directory in lowntfs-3g
  • Changes to mkntfs:

    • Make installing mkntfs /sbin symlinks dependent on ENABLEMOUNTHELPER
    • Mention the starting sector when it overflows in mkntfs
    • Upgraded the upper-case table to same as Windows 7, 8 and 10
  • Changes to ntfsresize:

    • Fixed relocating the MFT runlists
    • Decode the full list of bad clusters
    • Fixed resizing an extended bad cluster list
  • Changes to ntfsclone:

    • Decoded the full list of bad clusters
  • Changes to ntfsinfo:

    • Displayed reparse point information
  • Changes to ntfsdecrypt:

    • Fixed DESX decryption
  • Changes to ntfswipe:

    • Added clarifications about several options to the manual
  • New ntfsprogs tool:

    • Included ntfsrecover to recover the updates committed by Windows (experimental)
  • Overall:

    • Made a general cleanup of endianness types for easier checks

Changes in version 2015.3.14:

  • ntfs-3g: Fixed inserting a new ACL after wiping out by chkdsk
  • ntfs-3g: Fixed Windows-type inheritance
  • ntfs-3g: Fixed ignoring the umask mount option when permissions are used
  • ntfs-3g: Fixed checking permissions when Posix ACLs are compiled in but not enabled
  • ntfs-3g: Disabled option remove_hiberfile on read-only mounts
  • ntfs-3g: Implemented an extended attribute to get/set EAs
  • ntfs-3g: Avoid full runlist updating in more situations
  • ntfs-3g: Update ctime after setting an ACL
  • ntfs-3g: Use MFT record 15 for the first extent to MFT:DATA
  • ntfs-3g: Ignore the sloppy mount option (-s)
  • ntfs-3g: Implemented FITRIM (fstrim) ioctl
  • ntfs-3g: Reengineered the compression algorithm
  • ntfsprogs: Added manuals for ntfsdecrypt, ntfswipe, ntfstruncate and ntfsfallocate
References

Affected packages

SUSE:Linux Enterprise Software Development Kit 12 SP5 / ntfs-3g_ntfsprogs

Package

Name
ntfs-3g_ntfsprogs
Purl
purl:rpm/suse/ntfs-3g_ntfsprogs&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2021.8.22-5.9.1

Ecosystem specific

{
    "binaries": [
        {
            "libntfs-3g84": "2021.8.22-5.9.1",
            "libntfs-3g-devel": "2021.8.22-5.9.1"
        }
    ]
}

SUSE:Linux Enterprise Workstation Extension 12 SP5 / ntfs-3g_ntfsprogs

Package

Name
ntfs-3g_ntfsprogs
Purl
purl:rpm/suse/ntfs-3g_ntfsprogs&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012%20SP5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2021.8.22-5.9.1

Ecosystem specific

{
    "binaries": [
        {
            "ntfs-3g": "2021.8.22-5.9.1",
            "libntfs-3g84": "2021.8.22-5.9.1",
            "ntfsprogs": "2021.8.22-5.9.1"
        }
    ]
}