[SECURITY] Fedora EPEL 8 Update: ntfs-3g-2021.8.22-2.el8

Thu, 16 Sep 2021 11:20:54 -0700 

--------------------------------------------------------------------------------
Fedora EPEL Update Notification
FEDORA-EPEL-2021-bb15ff6d4d
2021-09-16 18:19:20.239806
--------------------------------------------------------------------------------

Name        : ntfs-3g
Product     : Fedora EPEL 8
Version     : 2021.8.22
Release     : 2.el8
URL         : https://www.tuxera.com/company/open-source/
Summary     : Linux NTFS userspace driver
Description :
NTFS-3G is a stable, open source, GPL licensed, POSIX, read/write NTFS
driver for Linux and many other operating systems. It provides safe
handling of the Windows XP, Windows Server 2003, Windows 2000, Windows
Vista, Windows Server 2008 and Windows 7 NTFS file systems. NTFS-3G can
create, remove, rename, move files, directories, hard links, and streams;
it can read and write normal and transparently compressed files, including
streams and sparse files; it can handle special files like symbolic links,
devices, and FIFOs, ACL, extended attributes; moreover it provides full
file access right and ownership support.

--------------------------------------------------------------------------------
Update Information:

Fix issue with incorrect obsoletes.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Sep  8 2021 Tom Callaway <[email protected]> - 2:2021.8.22-2
- remove incorrect obsoletes
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2001608 - CVE-2021-33285 ntfs3g: when a specially crafted NTFS 
attribute is supplied to the function ntfs_get_attribute_value, a heap buffer 
overflow can occur.
        https://bugzilla.redhat.com/show_bug.cgi?id=2001608
  [ 2 ] Bug #2001609 - CVE-2021-33286 ntfs-3g:  When a specially crafted 
unicode string is supplied in an NTFS image a heap buffer overflow can occur
        https://bugzilla.redhat.com/show_bug.cgi?id=2001609
  [ 3 ] Bug #2001613 - CVE-2021-33287 ntfs-3g: When specially crafted NTFS 
attributes are read in the function ntfs_attr_pread_i, a heap buffer overflow 
can occur
        https://bugzilla.redhat.com/show_bug.cgi?id=2001613
  [ 4 ] Bug #2001616 - CVE-2021-33289 ntfs-3g: When a specially crafted MFT 
section is supplied in an NTFS image a heap buffer overflow can occur
        https://bugzilla.redhat.com/show_bug.cgi?id=2001616
  [ 5 ] Bug #2001619 - CVE-2021-35266 ntfs-3g: When a specially crafted NTFS 
inode pathname is supplied in an NTFS image a heap buffer overflow can occur
        https://bugzilla.redhat.com/show_bug.cgi?id=2001619
  [ 6 ] Bug #2001621 - CVE-2021-35267 ntfs-3g: A stack buffer overflow can 
occur when correcting differences in the MFT and MFTMirror allowing for code 
execution
        https://bugzilla.redhat.com/show_bug.cgi?id=2001621
  [ 7 ] Bug #2001623 - CVE-2021-35268 ntfs-3g: When a specially crafted NTFS 
inode is loaded in the function ntfs_inode_real_open, a heap buffer overflow 
can occur
        https://bugzilla.redhat.com/show_bug.cgi?id=2001623
  [ 8 ] Bug #2001645 - CVE-2021-35269 ntfs-3g: when a specially crafted NTFS 
attribute from the MFT is setup in the function ntfs_attr_setup_flag, a heap 
buffer overflow can occur
        https://bugzilla.redhat.com/show_bug.cgi?id=2001645
  [ 9 ] Bug #2001649 - CVE-2021-39251 ntfs-3g: A crafted NTFS image can cause a 
NULL pointer dereference in ntfs_extent_inode_open
        https://bugzilla.redhat.com/show_bug.cgi?id=2001649
  [ 10 ] Bug #2001650 - CVE-2021-39252 ntfs-3g: A crafted NTFS image can cause 
an out-of-bounds read in ntfs_ie_lookup
        https://bugzilla.redhat.com/show_bug.cgi?id=2001650
  [ 11 ] Bug #2001651 - CVE-2021-39253 ntfs-3g: A crafted NTFS image can cause 
an out-of-bounds read in ntfs_runlists_merge_i
        https://bugzilla.redhat.com/show_bug.cgi?id=2001651
  [ 12 ] Bug #2001652 - CVE-2021-39254 ntfs-3g: A crafted NTFS image can cause 
an integer overflow in memmove, leading to a heap-based buffer overflow
        https://bugzilla.redhat.com/show_bug.cgi?id=2001652
--------------------------------------------------------------------------------

This update can be installed with the "yum" update programs.  Use
su -c 'yum update ntfs-3g' at the command line.
For more information, refer to "YUM", available at
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7\
/html/System_Administrators_Guide/ch-yum.html

All packages are signed with the Fedora EPEL GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
epel-package-announce mailing list -- 
[email protected]
To unsubscribe send an email to 
[email protected]
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/[email protected]
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

Reply via email to