Fedora 33: ntfs-3g 2021-e7c8ba6301
Summary
NTFS-3G is a stable, open source, GPL licensed, POSIX, read/write NTFS
driver for Linux and many other operating systems. It provides safe
handling of the Windows XP, Windows Server 2003, Windows 2000, Windows
Vista, Windows Server 2008 and Windows 7 NTFS file systems. NTFS-3G can
create, remove, rename, move files, directories, hard links, and streams;
it can read and write normal and transparently compressed files, including
streams and sparse files; it can handle special files like symbolic links,
devices, and FIFOs, ACL, extended attributes; moreover it provides full
file access right and ownership support.
Fix issue with incorrect obsoletes.
* Wed Sep 8 2021 Tom Callaway
- remove incorrect obsoletes
[ 1 ] Bug #2001608 - CVE-2021-33285 ntfs3g: when a specially crafted NTFS attribute is supplied to the function ntfs_get_attribute_value, a heap buffer overflow can occur.
https://bugzilla.redhat.com/show_bug.cgi?id=2001608
[ 2 ] Bug #2001613 - CVE-2021-33287 ntfs-3g: When specially crafted NTFS attributes are read in the function ntfs_attr_pread_i, a heap buffer overflow can occur
https://bugzilla.redhat.com/show_bug.cgi?id=2001613
[ 3 ] Bug #2001616 - CVE-2021-33289 ntfs-3g: When a specially crafted MFT section is supplied in an NTFS image a heap buffer overflow can occur
https://bugzilla.redhat.com/show_bug.cgi?id=2001616
[ 4 ] Bug #2001619 - CVE-2021-35266 ntfs-3g: When a specially crafted NTFS inode pathname is supplied in an NTFS image a heap buffer overflow can occur
https://bugzilla.redhat.com/show_bug.cgi?id=2001619
[ 5 ] Bug #2001621 - CVE-2021-35267 ntfs-3g: A stack buffer overflow can occur when correcting differences in the MFT and MFTMirror allowing for code execution
https://bugzilla.redhat.com/show_bug.cgi?id=2001621
[ 6 ] Bug #2001623 - CVE-2021-35268 ntfs-3g: When a specially crafted NTFS inode is loaded in the function ntfs_inode_real_open, a heap buffer overflow can occur
https://bugzilla.redhat.com/show_bug.cgi?id=2001623
[ 7 ] Bug #2001645 - CVE-2021-35269 ntfs-3g: when a specially crafted NTFS attribute from the MFT is setup in the function ntfs_attr_setup_flag, a heap buffer overflow can occur
https://bugzilla.redhat.com/show_bug.cgi?id=2001645
[ 8 ] Bug #2001649 - CVE-2021-39251 ntfs-3g: A crafted NTFS image can cause a NULL pointer dereference in ntfs_extent_inode_open
https://bugzilla.redhat.com/show_bug.cgi?id=2001649
[ 9 ] Bug #2001650 - CVE-2021-39252 ntfs-3g: A crafted NTFS image can cause an out-of-bounds read in ntfs_ie_lookup
https://bugzilla.redhat.com/show_bug.cgi?id=2001650
[ 10 ] Bug #2001651 - CVE-2021-39253 ntfs-3g: A crafted NTFS image can cause an out-of-bounds read in ntfs_runlists_merge_i
https://bugzilla.redhat.com/show_bug.cgi?id=2001651
[ 11 ] Bug #2001652 - CVE-2021-39254 ntfs-3g: A crafted NTFS image can cause an integer overflow in memmove, leading to a heap-based buffer overflow
https://bugzilla.redhat.com/show_bug.cgi?id=2001652
su -c 'dnf upgrade --advisory FEDORA-2021-e7c8ba6301' at the command
line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
FEDORA-2021-e7c8ba6301 2021-09-23 19:28:47.071848 Product : Fedora 33 Version : 2021.8.22 Release : 2.fc33 URL : https://www.tuxera.com/company/open-source/ Summary : Linux NTFS userspace driver Description : NTFS-3G is a stable, open source, GPL licensed, POSIX, read/write NTFS driver for Linux and many other operating systems. It provides safe handling of the Windows XP, Windows Server 2003, Windows 2000, Windows Vista, Windows Server 2008 and Windows 7 NTFS file systems. NTFS-3G can create, remove, rename, move files, directories, hard links, and streams; it can read and write normal and transparently compressed files, including streams and sparse files; it can handle special files like symbolic links, devices, and FIFOs, ACL, extended attributes; moreover it provides full file access right and ownership support. Fix issue with incorrect obsoletes. * Wed Sep 8 2021 Tom Callaway - 2:2021.8.22-2 - remove incorrect obsoletes [ 1 ] Bug #2001608 - CVE-2021-33285 ntfs3g: when a specially crafted NTFS attribute is supplied to the function ntfs_get_attribute_value, a heap buffer overflow can occur. https://bugzilla.redhat.com/show_bug.cgi?id=2001608 [ 2 ] Bug #2001613 - CVE-2021-33287 ntfs-3g: When specially crafted NTFS attributes are read in the function ntfs_attr_pread_i, a heap buffer overflow can occur https://bugzilla.redhat.com/show_bug.cgi?id=2001613 [ 3 ] Bug #2001616 - CVE-2021-33289 ntfs-3g: When a specially crafted MFT section is supplied in an NTFS image a heap buffer overflow can occur https://bugzilla.redhat.com/show_bug.cgi?id=2001616 [ 4 ] Bug #2001619 - CVE-2021-35266 ntfs-3g: When a specially crafted NTFS inode pathname is supplied in an NTFS image a heap buffer overflow can occur https://bugzilla.redhat.com/show_bug.cgi?id=2001619 [ 5 ] Bug #2001621 - CVE-2021-35267 ntfs-3g: A stack buffer overflow can occur when correcting differences in the MFT and MFTMirror allowing for code execution https://bugzilla.redhat.com/show_bug.cgi?id=2001621 [ 6 ] Bug #2001623 - CVE-2021-35268 ntfs-3g: When a specially crafted NTFS inode is loaded in the function ntfs_inode_real_open, a heap buffer overflow can occur https://bugzilla.redhat.com/show_bug.cgi?id=2001623 [ 7 ] Bug #2001645 - CVE-2021-35269 ntfs-3g: when a specially crafted NTFS attribute from the MFT is setup in the function ntfs_attr_setup_flag, a heap buffer overflow can occur https://bugzilla.redhat.com/show_bug.cgi?id=2001645 [ 8 ] Bug #2001649 - CVE-2021-39251 ntfs-3g: A crafted NTFS image can cause a NULL pointer dereference in ntfs_extent_inode_open https://bugzilla.redhat.com/show_bug.cgi?id=2001649 [ 9 ] Bug #2001650 - CVE-2021-39252 ntfs-3g: A crafted NTFS image can cause an out-of-bounds read in ntfs_ie_lookup https://bugzilla.redhat.com/show_bug.cgi?id=2001650 [ 10 ] Bug #2001651 - CVE-2021-39253 ntfs-3g: A crafted NTFS image can cause an out-of-bounds read in ntfs_runlists_merge_i https://bugzilla.redhat.com/show_bug.cgi?id=2001651 [ 11 ] Bug #2001652 - CVE-2021-39254 ntfs-3g: A crafted NTFS image can cause an integer overflow in memmove, leading to a heap-based buffer overflow https://bugzilla.redhat.com/show_bug.cgi?id=2001652 su -c 'dnf upgrade --advisory FEDORA-2021-e7c8ba6301' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ package-announce mailing list -- package-announce@lists.fedoraproject.org To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/ Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
Change Log
References