Security update for ntfs-3g_ntfsprogs

Announcement ID: SUSE-SU-2021:2965-1
Rating: important
References:
Cross-References:
CVSS scores:
  • CVE-2017-0358 ( NVD ): 7.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2019-9755 ( SUSE ): 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2019-9755 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2019-9755 ( NVD ): 7.0 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2021-33285 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2021-33286 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2021-33287 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2021-33289 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2021-35266 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2021-35267 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2021-35268 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2021-35269 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2021-39251 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2021-39252 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2021-39253 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2021-39255 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2021-39256 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2021-39257 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2021-39258 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2021-39259 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2021-39260 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2021-39261 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2021-39262 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2021-39263 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
  • SUSE Linux Enterprise High Performance Computing 12 SP5
  • SUSE Linux Enterprise Server 12 SP5
  • SUSE Linux Enterprise Server for SAP Applications 12 SP5
  • SUSE Linux Enterprise Software Development Kit 12 SP5
  • SUSE Linux Enterprise Workstation Extension 12 12-SP5

An update that solves 22 vulnerabilities can now be installed.

Description:

This update for ntfs-3g_ntfsprogs fixes the following issues:

Update to version 2021.8.22 (bsc#1189720):

  • Signalled support of UTIME_OMIT to external libfuse2
  • Updated the repository change in the README
  • Fixed vulnerability threats caused by maliciously tampered NTFS partitions
  • Security fixes: CVE-2021-33285, CVE-2021-33286, CVE-2021-33287, CVE-2021-33289, CVE-2021-35266, CVE-2021-35267, CVE-2021-35268, CVE-2021-35269, CVE-2021-39251, CVE-2021-39252, CVE-2021-39253, CVE_2021-39254, CVE-2021-39255, CVE-2021-39256, CVE-2021-39257, CVE-2021-39258, CVE-2021-39259, CVE-2021-39260, CVE-2021-39261, CVE-2021-39262, CVE-2021-39263.

Changes in version 2017.3.23:

  • Delegated processing of special reparse points to external plugins
  • Allowed kernel cacheing by lowntfs-3g when not using Posix ACLs
  • Enabled fallback to read-only mount when the volume is hibernated
  • Made a full check for whether an extended attribute is allowed
  • Moved secaudit and usermap to ntfsprogs (now ntfssecaudit and ntfsusermap)
  • Enabled encoding broken UTF-16 into broken UTF-8
  • Autoconfigured selecting <sys/sysmacros.h> vs <sys/mkdev>
  • Allowed using the full library API on systems without extended attributes support
  • Fixed DISABLE_PLUGINS as the condition for not using plugins
  • Corrected validation of multi sector transfer protected records
  • Denied creating/removing files from $Extend
  • Returned the size of locale encoded target as the size of symlinks

Changes in version 2016.2.22:

  • Changes to NTFS-3G driver:

  • Write as much data as possible in compressed attribute pwrite

  • Fixed getting space for making an index non resident
  • Alleviated constraints relative to reparse points
  • Fixed special case of decompressing a runlist
  • Fixed returning the trimming count to fstrim()
  • Fixed the range of valid subauthority counts in a SID
  • Updated the read-only flag even when the security attribute was cached
  • Defended against reusing data from an invalid MFT record
  • Simplified NTFS ACLs when group same as owner and same permission as world
  • Packed/unpacked st_rdev transported as 32-bits on Solaris 64-bits
  • Zero uninitialized bytes before writing compressed data
  • Clear the environment when starting mount or umount
  • Implemented rewinding a directory in lowntfs-3g
  • Use incremental offsets when reading a directory in lowntfs-3g

  • Changes to mkntfs:

  • Make installing mkntfs /sbin symlinks dependent on ENABLE_MOUNT_HELPER

  • Mention the starting sector when it overflows in mkntfs
  • Upgraded the upper-case table to same as Windows 7, 8 and 10

  • Changes to ntfsresize:

  • Fixed relocating the MFT runlists

  • Decode the full list of bad clusters
  • Fixed resizing an extended bad cluster list

  • Changes to ntfsclone:

  • Decoded the full list of bad clusters

  • Changes to ntfsinfo:

  • Displayed reparse point information

  • Changes to ntfsdecrypt:

  • Fixed DESX decryption

  • Changes to ntfswipe:

  • Added clarifications about several options to the manual

  • New ntfsprogs tool:

  • Included ntfsrecover to recover the updates committed by Windows (experimental)

  • Overall:

  • Made a general cleanup of endianness types for easier checks

Changes in version 2015.3.14:

  • ntfs-3g: Fixed inserting a new ACL after wiping out by chkdsk
  • ntfs-3g: Fixed Windows-type inheritance
  • ntfs-3g: Fixed ignoring the umask mount option when permissions are used
  • ntfs-3g: Fixed checking permissions when Posix ACLs are compiled in but not enabled
  • ntfs-3g: Disabled option remove_hiberfile on read-only mounts
  • ntfs-3g: Implemented an extended attribute to get/set EAs
  • ntfs-3g: Avoid full runlist updating in more situations
  • ntfs-3g: Update ctime after setting an ACL
  • ntfs-3g: Use MFT record 15 for the first extent to MFT:DATA
  • ntfs-3g: Ignore the sloppy mount option (-s)
  • ntfs-3g: Implemented FITRIM (fstrim) ioctl
  • ntfs-3g: Reengineered the compression algorithm
  • ntfsprogs: Added manuals for ntfsdecrypt, ntfswipe, ntfstruncate and ntfsfallocate

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  • SUSE Linux Enterprise Software Development Kit 12 SP5
    zypper in -t patch SUSE-SLE-SDK-12-SP5-2021-2965=1
  • SUSE Linux Enterprise Workstation Extension 12 12-SP5
    zypper in -t patch SUSE-SLE-WE-12-SP5-2021-2965=1

Package List:

  • SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64)
    • libntfs-3g84-2021.8.22-5.9.1
    • libntfs-3g84-debuginfo-2021.8.22-5.9.1
    • ntfs-3g_ntfsprogs-debugsource-2021.8.22-5.9.1
    • libntfs-3g-devel-2021.8.22-5.9.1
  • SUSE Linux Enterprise Workstation Extension 12 12-SP5 (x86_64)
    • libntfs-3g84-2021.8.22-5.9.1
    • ntfs-3g-2021.8.22-5.9.1
    • libntfs-3g84-debuginfo-2021.8.22-5.9.1
    • ntfs-3g_ntfsprogs-debugsource-2021.8.22-5.9.1
    • ntfsprogs-debuginfo-2021.8.22-5.9.1
    • ntfsprogs-2021.8.22-5.9.1
    • ntfs-3g-debuginfo-2021.8.22-5.9.1

References: