Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2021.3016
Security update for ntfs-3g_ntfsprogs
8 September 2021
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: ntfs-3g_ntfsprogs
Publisher: SUSE
Operating System: SUSE
Impact/Access: Root Compromise -- Existing Account
Execute Arbitrary Code/Commands -- Existing Account
Denial of Service -- Existing Account
Access Confidential Data -- Existing Account
Resolution: Patch/Upgrade
CVE Names: CVE-2021-39263 CVE-2021-39262 CVE-2021-39261
CVE-2021-39260 CVE-2021-39259 CVE-2021-39258
CVE-2021-39257 CVE-2021-39256 CVE-2021-39255
CVE-2021-39253 CVE-2021-39252 CVE-2021-39251
CVE-2021-35269 CVE-2021-35268 CVE-2021-35267
CVE-2021-35266 CVE-2021-33289 CVE-2021-33287
CVE-2021-33286 CVE-2021-33285 CVE-2019-9755
CVE-2017-0358
Reference: ESB-2019.4151
ESB-2019.1398
ESB-2019.0922.2
ESB-2018.3421.2
ESB-2017.0308
ESB-2017.0302
Original Bulletin:
https://www.suse.com/support/update/announcement/2021/suse-su-20212965-1
https://www.suse.com/support/update/announcement/2021/suse-su-20212971-1
Comment: This bulletin contains two (2) SUSE security advisories.
- --------------------------BEGIN INCLUDED TEXT--------------------
SUSE Security Update: Security update for ntfs-3g_ntfsprogs
______________________________________________________________________________
Announcement ID: SUSE-SU-2021:2965-1
Rating: important
References: #1189720
Cross-References: CVE-2017-0358 CVE-2019-9755 CVE-2021-33285 CVE-2021-33286
CVE-2021-33287 CVE-2021-33289 CVE-2021-35266 CVE-2021-35267
CVE-2021-35268 CVE-2021-35269 CVE-2021-39251 CVE-2021-39252
CVE-2021-39253 CVE-2021-39255 CVE-2021-39256 CVE-2021-39257
CVE-2021-39258 CVE-2021-39259 CVE-2021-39260 CVE-2021-39261
CVE-2021-39262 CVE-2021-39263
Affected Products:
SUSE Linux Enterprise Workstation Extension 12-SP5
SUSE Linux Enterprise Software Development Kit 12-SP5
______________________________________________________________________________
An update that fixes 22 vulnerabilities is now available.
Description:
This update for ntfs-3g_ntfsprogs fixes the following issues:
Update to version 2021.8.22 (bsc#1189720):
o Signalled support of UTIME_OMIT to external libfuse2
o Updated the repository change in the README
o Fixed vulnerability threats caused by maliciously tampered NTFS partitions
o Security fixes: CVE-2021-33285, CVE-2021-33286, CVE-2021-33287,
CVE-2021-33289, CVE-2021-35266, CVE-2021-35267, CVE-2021-35268,
CVE-2021-35269, CVE-2021-39251, CVE-2021-39252, CVE-2021-39253,
CVE_2021-39254, CVE-2021-39255, CVE-2021-39256, CVE-2021-39257,
CVE-2021-39258, CVE-2021-39259, CVE-2021-39260, CVE-2021-39261,
CVE-2021-39262, CVE-2021-39263.
Changes in version 2017.3.23:
o Delegated processing of special reparse points to external plugins
o Allowed kernel cacheing by lowntfs-3g when not using Posix ACLs
o Enabled fallback to read-only mount when the volume is hibernated
o Made a full check for whether an extended attribute is allowed
o Moved secaudit and usermap to ntfsprogs (now ntfssecaudit and ntfsusermap)
o Enabled encoding broken UTF-16 into broken UTF-8
o Autoconfigured selecting vs
o Allowed using the full library API on systems without extended attributes
support
o Fixed DISABLE_PLUGINS as the condition for not using plugins
o Corrected validation of multi sector transfer protected records
o Denied creating/removing files from $Extend
o Returned the size of locale encoded target as the size of symlinks
Changes in version 2016.2.22:
o Changes to NTFS-3G driver:
- - Write as much data as possible in compressed attribute pwrite - Fixed getting
space for making an index non resident - Alleviated constraints relative to
reparse points - Fixed special case of decompressing a runlist - Fixed
returning the trimming count to fstrim() - Fixed the range of valid
subauthority counts in a SID - Updated the read-only flag even when the
security attribute was cached - Defended against reusing data from an invalid
MFT record - Simplified NTFS ACLs when group same as owner and same permission
as world - Packed/unpacked st_rdev transported as 32-bits on Solaris 64-bits -
Zero uninitialized bytes before writing compressed data - Clear the environment
when starting mount or umount - Implemented rewinding a directory in lowntfs-3g
- - Use incremental offsets when reading a directory in lowntfs-3g
o Changes to mkntfs:
- - Make installing mkntfs /sbin symlinks dependent on ENABLE_MOUNT_HELPER -
Mention the starting sector when it overflows in mkntfs - Upgraded the
upper-case table to same as Windows 7, 8 and 10
o Changes to ntfsresize:
- - Fixed relocating the MFT runlists - Decode the full list of bad clusters -
Fixed resizing an extended bad cluster list
o Changes to ntfsclone:
- - Decoded the full list of bad clusters
o Changes to ntfsinfo:
- - Displayed reparse point information
o Changes to ntfsdecrypt:
- - Fixed DESX decryption
o Changes to ntfswipe:
- - Added clarifications about several options to the manual
o New ntfsprogs tool:
- - Included ntfsrecover to recover the updates committed by Windows
(experimental)
o Overall: - Made a general cleanup of endianness types for easier checks
Changes in version 2015.3.14:
o ntfs-3g: Fixed inserting a new ACL after wiping out by chkdsk
o ntfs-3g: Fixed Windows-type inheritance
o ntfs-3g: Fixed ignoring the umask mount option when permissions are used
o ntfs-3g: Fixed checking permissions when Posix ACLs are compiled in but not
enabled
o ntfs-3g: Disabled option remove_hiberfile on read-only mounts
o ntfs-3g: Implemented an extended attribute to get/set EAs
o ntfs-3g: Avoid full runlist updating in more situations
o ntfs-3g: Update ctime after setting an ACL
o ntfs-3g: Use MFT record 15 for the first extent to MFT:DATA
o ntfs-3g: Ignore the sloppy mount option (-s)
o ntfs-3g: Implemented FITRIM (fstrim) ioctl
o ntfs-3g: Reengineered the compression algorithm
o ntfsprogs: Added manuals for ntfsdecrypt, ntfswipe, ntfstruncate and
ntfsfallocate
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
o SUSE Linux Enterprise Workstation Extension 12-SP5:
zypper in -t patch SUSE-SLE-WE-12-SP5-2021-2965=1
o SUSE Linux Enterprise Software Development Kit 12-SP5:
zypper in -t patch SUSE-SLE-SDK-12-SP5-2021-2965=1
Package List:
o SUSE Linux Enterprise Workstation Extension 12-SP5 (x86_64):
libntfs-3g84-2021.8.22-5.9.1
libntfs-3g84-debuginfo-2021.8.22-5.9.1
ntfs-3g-2021.8.22-5.9.1
ntfs-3g-debuginfo-2021.8.22-5.9.1
ntfs-3g_ntfsprogs-debugsource-2021.8.22-5.9.1
ntfsprogs-2021.8.22-5.9.1
ntfsprogs-debuginfo-2021.8.22-5.9.1
o SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le
s390x x86_64):
libntfs-3g-devel-2021.8.22-5.9.1
libntfs-3g84-2021.8.22-5.9.1
libntfs-3g84-debuginfo-2021.8.22-5.9.1
ntfs-3g_ntfsprogs-debugsource-2021.8.22-5.9.1
References:
o https://www.suse.com/security/cve/CVE-2017-0358.html
o https://www.suse.com/security/cve/CVE-2019-9755.html
o https://www.suse.com/security/cve/CVE-2021-33285.html
o https://www.suse.com/security/cve/CVE-2021-33286.html
o https://www.suse.com/security/cve/CVE-2021-33287.html
o https://www.suse.com/security/cve/CVE-2021-33289.html
o https://www.suse.com/security/cve/CVE-2021-35266.html
o https://www.suse.com/security/cve/CVE-2021-35267.html
o https://www.suse.com/security/cve/CVE-2021-35268.html
o https://www.suse.com/security/cve/CVE-2021-35269.html
o https://www.suse.com/security/cve/CVE-2021-39251.html
o https://www.suse.com/security/cve/CVE-2021-39252.html
o https://www.suse.com/security/cve/CVE-2021-39253.html
o https://www.suse.com/security/cve/CVE-2021-39255.html
o https://www.suse.com/security/cve/CVE-2021-39256.html
o https://www.suse.com/security/cve/CVE-2021-39257.html
o https://www.suse.com/security/cve/CVE-2021-39258.html
o https://www.suse.com/security/cve/CVE-2021-39259.html
o https://www.suse.com/security/cve/CVE-2021-39260.html
o https://www.suse.com/security/cve/CVE-2021-39261.html
o https://www.suse.com/security/cve/CVE-2021-39262.html
o https://www.suse.com/security/cve/CVE-2021-39263.html
o https://bugzilla.suse.com/1189720
- ------------------------------------------------------------------------------
SUSE Security Update: Security update for ntfs-3g_ntfsprogs
______________________________________________________________________________
Announcement ID: SUSE-SU-2021:2971-1
Rating: important
References: #1189720
Cross-References: CVE-2019-9755 CVE-2021-33285 CVE-2021-33286 CVE-2021-33287
CVE-2021-33289 CVE-2021-35266 CVE-2021-35267 CVE-2021-35268
CVE-2021-35269 CVE-2021-39251 CVE-2021-39252 CVE-2021-39253
CVE-2021-39255 CVE-2021-39256 CVE-2021-39257 CVE-2021-39258
CVE-2021-39259 CVE-2021-39260 CVE-2021-39261 CVE-2021-39262
CVE-2021-39263
Affected Products:
SUSE Linux Enterprise Workstation Extension 15-SP3
SUSE Linux Enterprise Workstation Extension 15-SP2
______________________________________________________________________________
An update that fixes 21 vulnerabilities is now available.
Description:
This update for ntfs-3g_ntfsprogs fixes the following issues:
Update to version 2021.8.22 (bsc#1189720):
o Fixed compile error when building with libfuse < 2.8.0
o Fixed obsolete macros in configure.ac
o Signalled support of UTIME_OMIT to external libfuse2
o Fixed an improper macro usage in ntfscp.c
o Updated the repository change in the README
o Fixed vulnerability threats caused by maliciously tampered NTFS partitions
o Security fixes: CVE-2021-33285, CVE-2021-33286, CVE-2021-33287,
CVE-2021-33289, CVE-2021-35266, CVE-2021-35267, CVE-2021-35268,
CVE-2021-35269, CVE-2021-39251, CVE-2021-39252, CVE-2021-39253,
CVE_2021-39254, CVE-2021-39255, CVE-2021-39256, CVE-2021-39257,
CVE-2021-39258, CVE-2021-39259, CVE-2021-39260, CVE-2021-39261,
CVE-2021-39262, CVE-2021-39263.
o Library soversion is now 89
o Changes in version 2017.3.23
o Delegated processing of special reparse points to external plugins
o Allowed kernel cacheing by lowntfs-3g when not using Posix ACLs
o Enabled fallback to read-only mount when the volume is hibernated
o Made a full check for whether an extended attribute is allowed
o Moved secaudit and usermap to ntfsprogs (now ntfssecaudit and ntfsusermap)
o Enabled encoding broken UTF-16 into broken UTF-8
o Autoconfigured selecting vs
o Allowed using the full library API on systems without extended attributes
support
o Fixed DISABLE_PLUGINS as the condition for not using plugins
o Corrected validation of multi sector transfer protected records
o Denied creating/removing files from $Extend
o Returned the size of locale encoded target as the size of symlinks
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
o SUSE Linux Enterprise Workstation Extension 15-SP3:
zypper in -t patch SUSE-SLE-Product-WE-15-SP3-2021-2971=1
o SUSE Linux Enterprise Workstation Extension 15-SP2:
zypper in -t patch SUSE-SLE-Product-WE-15-SP2-2021-2971=1
Package List:
o SUSE Linux Enterprise Workstation Extension 15-SP3 (x86_64):
libntfs-3g-devel-2021.8.22-3.8.1
libntfs-3g87-2021.8.22-3.8.1
libntfs-3g87-debuginfo-2021.8.22-3.8.1
ntfs-3g-2021.8.22-3.8.1
ntfs-3g-debuginfo-2021.8.22-3.8.1
ntfs-3g_ntfsprogs-debuginfo-2021.8.22-3.8.1
ntfs-3g_ntfsprogs-debugsource-2021.8.22-3.8.1
ntfsprogs-2021.8.22-3.8.1
ntfsprogs-debuginfo-2021.8.22-3.8.1
o SUSE Linux Enterprise Workstation Extension 15-SP2 (x86_64):
libntfs-3g-devel-2021.8.22-3.8.1
libntfs-3g87-2021.8.22-3.8.1
libntfs-3g87-debuginfo-2021.8.22-3.8.1
ntfs-3g-2021.8.22-3.8.1
ntfs-3g-debuginfo-2021.8.22-3.8.1
ntfs-3g_ntfsprogs-debuginfo-2021.8.22-3.8.1
ntfs-3g_ntfsprogs-debugsource-2021.8.22-3.8.1
ntfsprogs-2021.8.22-3.8.1
ntfsprogs-debuginfo-2021.8.22-3.8.1
References:
o https://www.suse.com/security/cve/CVE-2019-9755.html
o https://www.suse.com/security/cve/CVE-2021-33285.html
o https://www.suse.com/security/cve/CVE-2021-33286.html
o https://www.suse.com/security/cve/CVE-2021-33287.html
o https://www.suse.com/security/cve/CVE-2021-33289.html
o https://www.suse.com/security/cve/CVE-2021-35266.html
o https://www.suse.com/security/cve/CVE-2021-35267.html
o https://www.suse.com/security/cve/CVE-2021-35268.html
o https://www.suse.com/security/cve/CVE-2021-35269.html
o https://www.suse.com/security/cve/CVE-2021-39251.html
o https://www.suse.com/security/cve/CVE-2021-39252.html
o https://www.suse.com/security/cve/CVE-2021-39253.html
o https://www.suse.com/security/cve/CVE-2021-39255.html
o https://www.suse.com/security/cve/CVE-2021-39256.html
o https://www.suse.com/security/cve/CVE-2021-39257.html
o https://www.suse.com/security/cve/CVE-2021-39258.html
o https://www.suse.com/security/cve/CVE-2021-39259.html
o https://www.suse.com/security/cve/CVE-2021-39260.html
o https://www.suse.com/security/cve/CVE-2021-39261.html
o https://www.suse.com/security/cve/CVE-2021-39262.html
o https://www.suse.com/security/cve/CVE-2021-39263.html
o https://bugzilla.suse.com/1189720
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
https://www.auscert.org.au/bulletins/
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBYTgtQuNLKJtyKPYoAQhMRRAApULb2vPYiAsFLZ2arL7aVlO9KHRme01T
mika2T7/gXxwNRY13aQ3lqz6f9Vk7VbaF9DEG2Kf76fUTouT2DjUCUlpH0XsiplQ
YdtYnzFW7YfHMVgCAEKIibb7kvtKo2y421yWst7Rz4izWOi/8DuautNc7drvb74M
rNpXLBcV5LW6zpTtBsSxHPWUL426YDPHQ4BEssjkJGq5PJV6714TpOwV4sGkqGq9
fJS/xcB6IKTm1oEj7dXbac+/sSqLIKs5dQ0w/zg1+TCyYzblPiS58cjkCpE5F7P8
b5tU1mUfdKmABKh+GdDqiGhabBQR7Her0TbeJSsMgF6QqlGZnZV4HcxmpNs3Ae+/
/wQZj8WzQvHSSQyGQBf9xcvtbIbzvyy9LAiAtRPtdd6BqcP0c09clVzZIVy1H8w4
fbUT32V0nd2neRN53miaWUUH/yWCU1FEIvDueRW40CtM+gB3UTBApmjnBQH87eVw
4AEpACj/LH+/buaH1UH7e62ufqFDsC40Ys+qsJRuqs4ekWCIOLzzhFijs9p8VBej
GuACBYlyR0ZmN9BmU2TvvlsLGQ8vJeTWd/3RFE/RAxcU5qmkIvvqSfbeIfHl6SvL
AZ11+1eeWiYQzC0dIqcDoW4oubgZZ1p6RnVGQ6d9agikclK5mfc4Azh8SOIS73wR
m3LRsX7pH9M=
=ILE8
-----END PGP SIGNATURE-----