openSUSE-SU-2021:1244-1

See a problem?
Import Source
https://ftp.suse.com/pub/projects/security/osv/openSUSE-SU-2021:1244-1.json
JSON Data
https://api.osv.dev/v1/vulns/openSUSE-SU-2021:1244-1
Related
Published
2021-09-09T06:21:47Z
Modified
2021-09-09T06:21:47Z
Summary
Security update for ntfs-3g_ntfsprogs
Details

This update for ntfs-3g_ntfsprogs fixes the following issues:

Update to version 2021.8.22 (bsc#1189720):

  • Fixed compile error when building with libfuse < 2.8.0
  • Fixed obsolete macros in configure.ac
  • Signalled support of UTIME_OMIT to external libfuse2
  • Fixed an improper macro usage in ntfscp.c
  • Updated the repository change in the README
  • Fixed vulnerability threats caused by maliciously tampered NTFS partitions
  • Security fixes: CVE-2021-33285, CVE-2021-33286, CVE-2021-33287, CVE-2021-33289, CVE-2021-35266, CVE-2021-35267, CVE-2021-35268, CVE-2021-35269, CVE-2021-39251, CVE-2021-39252, CVE-2021-39253, CVE_2021-39254, CVE-2021-39255, CVE-2021-39256, CVE-2021-39257, CVE-2021-39258, CVE-2021-39259, CVE-2021-39260, CVE-2021-39261, CVE-2021-39262, CVE-2021-39263.

  • Library soversion is now 89

  • Changes in version 2017.3.23

  • Delegated processing of special reparse points to external plugins
  • Allowed kernel cacheing by lowntfs-3g when not using Posix ACLs
  • Enabled fallback to read-only mount when the volume is hibernated
  • Made a full check for whether an extended attribute is allowed
  • Moved secaudit and usermap to ntfsprogs (now ntfssecaudit and ntfsusermap)
  • Enabled encoding broken UTF-16 into broken UTF-8
  • Autoconfigured selecting <sys/sysmacros.h> vs <sys/mkdev>
  • Allowed using the full library API on systems without extended attributes support
  • Fixed DISABLE_PLUGINS as the condition for not using plugins
  • Corrected validation of multi sector transfer protected records
  • Denied creating/removing files from $Extend
  • Returned the size of locale encoded target as the size of symlinks

This update was imported from the SUSE:SLE-15:Update update project.

References

Affected packages

openSUSE:Leap 15.2 / ntfs-3g_ntfsprogs

Package

Name
ntfs-3g_ntfsprogs
Purl
purl:rpm/suse/ntfs-3g_ntfsprogs&distro=openSUSE%20Leap%2015.2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2021.8.22-lp152.5.3.1

Ecosystem specific

{
    "binaries": [
        {
            "ntfs-3g": "2021.8.22-lp152.5.3.1",
            "libntfs-3g-devel": "2021.8.22-lp152.5.3.1",
            "libntfs-3g87": "2021.8.22-lp152.5.3.1",
            "ntfsprogs-extra": "2021.8.22-lp152.5.3.1",
            "ntfsprogs": "2021.8.22-lp152.5.3.1"
        }
    ]
}