{"document":{"aggregate_severity":{"namespace":"https://www.suse.com/support/security/rating/","text":"important"},"category":"csaf_security_advisory","csaf_version":"2.0","distribution":{"text":"Copyright 2024 SUSE LLC. All rights reserved.","tlp":{"label":"WHITE","url":"https://www.first.org/tlp/"}},"lang":"en","notes":[{"category":"summary","text":"Security update for ntfs-3g_ntfsprogs","title":"Title of the patch"},{"category":"description","text":"This update for ntfs-3g_ntfsprogs fixes the following issues:\n\nUpdate to version 2021.8.22 (bsc#1189720):\n\n* Fixed compile error when building with libfuse < 2.8.0\n* Fixed obsolete macros in configure.ac\n* Signalled support of UTIME_OMIT to external libfuse2\n* Fixed an improper macro usage in ntfscp.c\n* Updated the repository change in the README\n* Fixed vulnerability threats caused by maliciously tampered NTFS partitions\n* Security fixes: CVE-2021-33285, CVE-2021-33286, CVE-2021-33287,\n  CVE-2021-33289, CVE-2021-35266, CVE-2021-35267, CVE-2021-35268,\n  CVE-2021-35269, CVE-2021-39251, CVE-2021-39252, CVE-2021-39253,\n  CVE_2021-39254, CVE-2021-39255, CVE-2021-39256, CVE-2021-39257,\n  CVE-2021-39258, CVE-2021-39259, CVE-2021-39260, CVE-2021-39261,\n  CVE-2021-39262, CVE-2021-39263.\n\n- Library soversion is now 89\n\n* Changes in version 2017.3.23\n* Delegated processing of special reparse points to external plugins\n* Allowed kernel cacheing by lowntfs-3g when not using Posix ACLs\n* Enabled fallback to read-only mount when the volume is hibernated\n* Made a full check for whether an extended attribute is allowed\n* Moved secaudit and usermap to ntfsprogs (now ntfssecaudit and ntfsusermap)\n* Enabled encoding broken UTF-16 into broken UTF-8\n* Autoconfigured selecting <sys/sysmacros.h> vs <sys/mkdev>\n* Allowed using the full library API on systems without extended attributes support\n* Fixed DISABLE_PLUGINS as the condition for not using plugins\n* Corrected validation of multi sector transfer protected records\n* Denied creating/removing files from $Extend\n* Returned the size of locale encoded target as the size of symlinks\n\nThis update was imported from the SUSE:SLE-15:Update update project.","title":"Description of the patch"},{"category":"details","text":"openSUSE-2021-1244","title":"Patchnames"},{"category":"legal_disclaimer","text":"CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).","title":"Terms of use"}],"publisher":{"category":"vendor","contact_details":"https://www.suse.com/support/security/contact/","name":"SUSE Product Security Team","namespace":"https://www.suse.com/"},"references":[{"category":"external","summary":"SUSE ratings","url":"https://www.suse.com/support/security/rating/"},{"category":"self","summary":"URL of this CSAF notice","url":"https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2021_1244-1.json"},{"category":"self","summary":"URL for openSUSE-SU-2021:1244-1","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/6I22R7EMWP6WBQIXDCKB4KJMMB67TMZK/"},{"category":"self","summary":"E-Mail link for openSUSE-SU-2021:1244-1","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/6I22R7EMWP6WBQIXDCKB4KJMMB67TMZK/"},{"category":"self","summary":"SUSE Bug 1189720","url":"https://bugzilla.suse.com/1189720"},{"category":"self","summary":"SUSE CVE CVE-2019-9755 page","url":"https://www.suse.com/security/cve/CVE-2019-9755/"},{"category":"self","summary":"SUSE CVE CVE-2021-33285 page","url":"https://www.suse.com/security/cve/CVE-2021-33285/"},{"category":"self","summary":"SUSE CVE CVE-2021-33286 page","url":"https://www.suse.com/security/cve/CVE-2021-33286/"},{"category":"self","summary":"SUSE CVE CVE-2021-33287 page","url":"https://www.suse.com/security/cve/CVE-2021-33287/"},{"category":"self","summary":"SUSE CVE CVE-2021-33289 page","url":"https://www.suse.com/security/cve/CVE-2021-33289/"},{"category":"self","summary":"SUSE CVE CVE-2021-35266 page","url":"https://www.suse.com/security/cve/CVE-2021-35266/"},{"category":"self","summary":"SUSE CVE CVE-2021-35267 page","url":"https://www.suse.com/security/cve/CVE-2021-35267/"},{"category":"self","summary":"SUSE CVE CVE-2021-35268 page","url":"https://www.suse.com/security/cve/CVE-2021-35268/"},{"category":"self","summary":"SUSE CVE CVE-2021-35269 page","url":"https://www.suse.com/security/cve/CVE-2021-35269/"},{"category":"self","summary":"SUSE CVE CVE-2021-39251 page","url":"https://www.suse.com/security/cve/CVE-2021-39251/"},{"category":"self","summary":"SUSE CVE CVE-2021-39252 page","url":"https://www.suse.com/security/cve/CVE-2021-39252/"},{"category":"self","summary":"SUSE CVE CVE-2021-39253 page","url":"https://www.suse.com/security/cve/CVE-2021-39253/"},{"category":"self","summary":"SUSE CVE CVE-2021-39255 page","url":"https://www.suse.com/security/cve/CVE-2021-39255/"},{"category":"self","summary":"SUSE CVE CVE-2021-39256 page","url":"https://www.suse.com/security/cve/CVE-2021-39256/"},{"category":"self","summary":"SUSE CVE CVE-2021-39257 page","url":"https://www.suse.com/security/cve/CVE-2021-39257/"},{"category":"self","summary":"SUSE CVE CVE-2021-39258 page","url":"https://www.suse.com/security/cve/CVE-2021-39258/"},{"category":"self","summary":"SUSE CVE CVE-2021-39259 page","url":"https://www.suse.com/security/cve/CVE-2021-39259/"},{"category":"self","summary":"SUSE CVE CVE-2021-39260 page","url":"https://www.suse.com/security/cve/CVE-2021-39260/"},{"category":"self","summary":"SUSE CVE CVE-2021-39261 page","url":"https://www.suse.com/security/cve/CVE-2021-39261/"},{"category":"self","summary":"SUSE CVE CVE-2021-39262 page","url":"https://www.suse.com/security/cve/CVE-2021-39262/"},{"category":"self","summary":"SUSE CVE CVE-2021-39263 page","url":"https://www.suse.com/security/cve/CVE-2021-39263/"}],"title":"Security update for ntfs-3g_ntfsprogs","tracking":{"current_release_date":"2021-09-09T06:21:47Z","generator":{"date":"2021-09-09T06:21:47Z","engine":{"name":"cve-database.git:bin/generate-csaf.pl","version":"1"}},"id":"openSUSE-SU-2021:1244-1","initial_release_date":"2021-09-09T06:21:47Z","revision_history":[{"date":"2021-09-09T06:21:47Z","number":"1","summary":"Current version"}],"status":"final","version":"1"}},"product_tree":{"branches":[{"branches":[{"branches":[{"category":"product_version","name":"libntfs-3g-devel-2021.8.22-lp152.5.3.1.i586","product":{"name":"libntfs-3g-devel-2021.8.22-lp152.5.3.1.i586","product_id":"libntfs-3g-devel-2021.8.22-lp152.5.3.1.i586"}},{"category":"product_version","name":"libntfs-3g87-2021.8.22-lp152.5.3.1.i586","product":{"name":"libntfs-3g87-2021.8.22-lp152.5.3.1.i586","product_id":"libntfs-3g87-2021.8.22-lp152.5.3.1.i586"}},{"category":"product_version","name":"ntfs-3g-2021.8.22-lp152.5.3.1.i586","product":{"name":"ntfs-3g-2021.8.22-lp152.5.3.1.i586","product_id":"ntfs-3g-2021.8.22-lp152.5.3.1.i586"}},{"category":"product_version","name":"ntfsprogs-2021.8.22-lp152.5.3.1.i586","product":{"name":"ntfsprogs-2021.8.22-lp152.5.3.1.i586","product_id":"ntfsprogs-2021.8.22-lp152.5.3.1.i586"}},{"category":"product_version","name":"ntfsprogs-extra-2021.8.22-lp152.5.3.1.i586","product":{"name":"ntfsprogs-extra-2021.8.22-lp152.5.3.1.i586","product_id":"ntfsprogs-extra-2021.8.22-lp152.5.3.1.i586"}}],"category":"architecture","name":"i586"},{"branches":[{"category":"product_version","name":"libntfs-3g-devel-2021.8.22-lp152.5.3.1.x86_64","product":{"name":"libntfs-3g-devel-2021.8.22-lp152.5.3.1.x86_64","product_id":"libntfs-3g-devel-2021.8.22-lp152.5.3.1.x86_64"}},{"category":"product_version","name":"libntfs-3g87-2021.8.22-lp152.5.3.1.x86_64","product":{"name":"libntfs-3g87-2021.8.22-lp152.5.3.1.x86_64","product_id":"libntfs-3g87-2021.8.22-lp152.5.3.1.x86_64"}},{"category":"product_version","name":"ntfs-3g-2021.8.22-lp152.5.3.1.x86_64","product":{"name":"ntfs-3g-2021.8.22-lp152.5.3.1.x86_64","product_id":"ntfs-3g-2021.8.22-lp152.5.3.1.x86_64"}},{"category":"product_version","name":"ntfsprogs-2021.8.22-lp152.5.3.1.x86_64","product":{"name":"ntfsprogs-2021.8.22-lp152.5.3.1.x86_64","product_id":"ntfsprogs-2021.8.22-lp152.5.3.1.x86_64"}},{"category":"product_version","name":"ntfsprogs-extra-2021.8.22-lp152.5.3.1.x86_64","product":{"name":"ntfsprogs-extra-2021.8.22-lp152.5.3.1.x86_64","product_id":"ntfsprogs-extra-2021.8.22-lp152.5.3.1.x86_64"}}],"category":"architecture","name":"x86_64"},{"branches":[{"category":"product_name","name":"openSUSE Leap 15.2","product":{"name":"openSUSE Leap 15.2","product_id":"openSUSE Leap 15.2","product_identification_helper":{"cpe":"cpe:/o:opensuse:leap:15.2"}}}],"category":"product_family","name":"SUSE Linux Enterprise"}],"category":"vendor","name":"SUSE"}],"relationships":[{"category":"default_component_of","full_product_name":{"name":"libntfs-3g-devel-2021.8.22-lp152.5.3.1.i586 as component of openSUSE Leap 15.2","product_id":"openSUSE Leap 15.2:libntfs-3g-devel-2021.8.22-lp152.5.3.1.i586"},"product_reference":"libntfs-3g-devel-2021.8.22-lp152.5.3.1.i586","relates_to_product_reference":"openSUSE Leap 15.2"},{"category":"default_component_of","full_product_name":{"name":"libntfs-3g-devel-2021.8.22-lp152.5.3.1.x86_64 as component of openSUSE Leap 15.2","product_id":"openSUSE Leap 15.2:libntfs-3g-devel-2021.8.22-lp152.5.3.1.x86_64"},"product_reference":"libntfs-3g-devel-2021.8.22-lp152.5.3.1.x86_64","relates_to_product_reference":"openSUSE Leap 15.2"},{"category":"default_component_of","full_product_name":{"name":"libntfs-3g87-2021.8.22-lp152.5.3.1.i586 as component of openSUSE Leap 15.2","product_id":"openSUSE Leap 15.2:libntfs-3g87-2021.8.22-lp152.5.3.1.i586"},"product_reference":"libntfs-3g87-2021.8.22-lp152.5.3.1.i586","relates_to_product_reference":"openSUSE Leap 15.2"},{"category":"default_component_of","full_product_name":{"name":"libntfs-3g87-2021.8.22-lp152.5.3.1.x86_64 as component of openSUSE Leap 15.2","product_id":"openSUSE Leap 15.2:libntfs-3g87-2021.8.22-lp152.5.3.1.x86_64"},"product_reference":"libntfs-3g87-2021.8.22-lp152.5.3.1.x86_64","relates_to_product_reference":"openSUSE Leap 15.2"},{"category":"default_component_of","full_product_name":{"name":"ntfs-3g-2021.8.22-lp152.5.3.1.i586 as component of openSUSE Leap 15.2","product_id":"openSUSE Leap 15.2:ntfs-3g-2021.8.22-lp152.5.3.1.i586"},"product_reference":"ntfs-3g-2021.8.22-lp152.5.3.1.i586","relates_to_product_reference":"openSUSE Leap 15.2"},{"category":"default_component_of","full_product_name":{"name":"ntfs-3g-2021.8.22-lp152.5.3.1.x86_64 as component of openSUSE Leap 15.2","product_id":"openSUSE Leap 15.2:ntfs-3g-2021.8.22-lp152.5.3.1.x86_64"},"product_reference":"ntfs-3g-2021.8.22-lp152.5.3.1.x86_64","relates_to_product_reference":"openSUSE Leap 15.2"},{"category":"default_component_of","full_product_name":{"name":"ntfsprogs-2021.8.22-lp152.5.3.1.i586 as component of openSUSE Leap 15.2","product_id":"openSUSE Leap 15.2:ntfsprogs-2021.8.22-lp152.5.3.1.i586"},"product_reference":"ntfsprogs-2021.8.22-lp152.5.3.1.i586","relates_to_product_reference":"openSUSE Leap 15.2"},{"category":"default_component_of","full_product_name":{"name":"ntfsprogs-2021.8.22-lp152.5.3.1.x86_64 as component of openSUSE Leap 15.2","product_id":"openSUSE Leap 15.2:ntfsprogs-2021.8.22-lp152.5.3.1.x86_64"},"product_reference":"ntfsprogs-2021.8.22-lp152.5.3.1.x86_64","relates_to_product_reference":"openSUSE Leap 15.2"},{"category":"default_component_of","full_product_name":{"name":"ntfsprogs-extra-2021.8.22-lp152.5.3.1.i586 as component of openSUSE Leap 15.2","product_id":"openSUSE Leap 15.2:ntfsprogs-extra-2021.8.22-lp152.5.3.1.i586"},"product_reference":"ntfsprogs-extra-2021.8.22-lp152.5.3.1.i586","relates_to_product_reference":"openSUSE Leap 15.2"},{"category":"default_component_of","full_product_name":{"name":"ntfsprogs-extra-2021.8.22-lp152.5.3.1.x86_64 as component of openSUSE Leap 15.2","product_id":"openSUSE Leap 15.2:ntfsprogs-extra-2021.8.22-lp152.5.3.1.x86_64"},"product_reference":"ntfsprogs-extra-2021.8.22-lp152.5.3.1.x86_64","relates_to_product_reference":"openSUSE Leap 15.2"}]},"vulnerabilities":[{"cve":"CVE-2019-9755","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2019-9755"}],"notes":[{"category":"general","text":"An integer underflow issue exists in ntfs-3g 2017.3.23. A local attacker could potentially exploit this by running /bin/ntfs-3g with specially crafted arguments from a specially crafted directory to cause a heap buffer overflow, resulting in a crash or the ability to execute arbitrary code. In installations where /bin/ntfs-3g is a setuid-root binary, this could lead to a local escalation of privileges.","title":"CVE description"}],"product_status":{"recommended":["openSUSE Leap 15.2:libntfs-3g-devel-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:libntfs-3g-devel-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:libntfs-3g87-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:libntfs-3g87-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:ntfs-3g-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:ntfs-3g-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:ntfsprogs-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:ntfsprogs-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:ntfsprogs-extra-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:ntfsprogs-extra-2021.8.22-lp152.5.3.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2019-9755","url":"https://www.suse.com/security/cve/CVE-2019-9755"},{"category":"external","summary":"SUSE Bug 1130165 for CVE-2019-9755","url":"https://bugzilla.suse.com/1130165"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["openSUSE Leap 15.2:libntfs-3g-devel-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:libntfs-3g-devel-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:libntfs-3g87-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:libntfs-3g87-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:ntfs-3g-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:ntfs-3g-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:ntfsprogs-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:ntfsprogs-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:ntfsprogs-extra-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:ntfsprogs-extra-2021.8.22-lp152.5.3.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":5.5,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","version":"3.0"},"products":["openSUSE Leap 15.2:libntfs-3g-devel-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:libntfs-3g-devel-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:libntfs-3g87-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:libntfs-3g87-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:ntfs-3g-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:ntfs-3g-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:ntfsprogs-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:ntfsprogs-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:ntfsprogs-extra-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:ntfsprogs-extra-2021.8.22-lp152.5.3.1.x86_64"]}],"threats":[{"category":"impact","date":"2021-09-09T06:21:47Z","details":"moderate"}],"title":"CVE-2019-9755"},{"cve":"CVE-2021-33285","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2021-33285"}],"notes":[{"category":"general","text":"In NTFS-3G versions < 2021.8.22, when a specially crafted NTFS attribute is supplied to the function ntfs_get_attribute_value, a heap buffer overflow can occur allowing for memory disclosure or denial of service. The vulnerability is caused by an out-of-bound buffer access which can be triggered by mounting a crafted ntfs partition. The root cause is a missing consistency check after reading an MFT record : the \"bytes_in_use\" field should be less than the \"bytes_allocated\" field. When it is not, the parsing of the records proceeds into the wild.","title":"CVE description"}],"product_status":{"recommended":["openSUSE Leap 15.2:libntfs-3g-devel-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:libntfs-3g-devel-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:libntfs-3g87-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:libntfs-3g87-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:ntfs-3g-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:ntfs-3g-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:ntfsprogs-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:ntfsprogs-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:ntfsprogs-extra-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:ntfsprogs-extra-2021.8.22-lp152.5.3.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2021-33285","url":"https://www.suse.com/security/cve/CVE-2021-33285"},{"category":"external","summary":"SUSE Bug 1189720 for CVE-2021-33285","url":"https://bugzilla.suse.com/1189720"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["openSUSE Leap 15.2:libntfs-3g-devel-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:libntfs-3g-devel-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:libntfs-3g87-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:libntfs-3g87-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:ntfs-3g-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:ntfs-3g-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:ntfsprogs-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:ntfsprogs-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:ntfsprogs-extra-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:ntfsprogs-extra-2021.8.22-lp152.5.3.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":7.8,"baseSeverity":"HIGH","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","version":"3.1"},"products":["openSUSE Leap 15.2:libntfs-3g-devel-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:libntfs-3g-devel-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:libntfs-3g87-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:libntfs-3g87-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:ntfs-3g-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:ntfs-3g-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:ntfsprogs-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:ntfsprogs-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:ntfsprogs-extra-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:ntfsprogs-extra-2021.8.22-lp152.5.3.1.x86_64"]}],"threats":[{"category":"impact","date":"2021-09-09T06:21:47Z","details":"important"}],"title":"CVE-2021-33285"},{"cve":"CVE-2021-33286","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2021-33286"}],"notes":[{"category":"general","text":"In NTFS-3G versions < 2021.8.22, when a specially crafted unicode string is supplied in an NTFS image a heap buffer overflow can occur and allow for code execution.","title":"CVE description"}],"product_status":{"recommended":["openSUSE Leap 15.2:libntfs-3g-devel-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:libntfs-3g-devel-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:libntfs-3g87-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:libntfs-3g87-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:ntfs-3g-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:ntfs-3g-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:ntfsprogs-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:ntfsprogs-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:ntfsprogs-extra-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:ntfsprogs-extra-2021.8.22-lp152.5.3.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2021-33286","url":"https://www.suse.com/security/cve/CVE-2021-33286"},{"category":"external","summary":"SUSE Bug 1189720 for CVE-2021-33286","url":"https://bugzilla.suse.com/1189720"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["openSUSE Leap 15.2:libntfs-3g-devel-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:libntfs-3g-devel-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:libntfs-3g87-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:libntfs-3g87-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:ntfs-3g-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:ntfs-3g-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:ntfsprogs-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:ntfsprogs-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:ntfsprogs-extra-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:ntfsprogs-extra-2021.8.22-lp152.5.3.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":7.8,"baseSeverity":"HIGH","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","version":"3.1"},"products":["openSUSE Leap 15.2:libntfs-3g-devel-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:libntfs-3g-devel-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:libntfs-3g87-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:libntfs-3g87-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:ntfs-3g-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:ntfs-3g-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:ntfsprogs-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:ntfsprogs-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:ntfsprogs-extra-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:ntfsprogs-extra-2021.8.22-lp152.5.3.1.x86_64"]}],"threats":[{"category":"impact","date":"2021-09-09T06:21:47Z","details":"important"}],"title":"CVE-2021-33286"},{"cve":"CVE-2021-33287","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2021-33287"}],"notes":[{"category":"general","text":"In NTFS-3G versions < 2021.8.22, when specially crafted NTFS attributes are read in the function ntfs_attr_pread_i, a heap buffer overflow can occur and allow for writing to arbitrary memory or denial of service of the application.","title":"CVE description"}],"product_status":{"recommended":["openSUSE Leap 15.2:libntfs-3g-devel-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:libntfs-3g-devel-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:libntfs-3g87-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:libntfs-3g87-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:ntfs-3g-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:ntfs-3g-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:ntfsprogs-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:ntfsprogs-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:ntfsprogs-extra-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:ntfsprogs-extra-2021.8.22-lp152.5.3.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2021-33287","url":"https://www.suse.com/security/cve/CVE-2021-33287"},{"category":"external","summary":"SUSE Bug 1189720 for CVE-2021-33287","url":"https://bugzilla.suse.com/1189720"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["openSUSE Leap 15.2:libntfs-3g-devel-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:libntfs-3g-devel-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:libntfs-3g87-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:libntfs-3g87-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:ntfs-3g-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:ntfs-3g-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:ntfsprogs-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:ntfsprogs-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:ntfsprogs-extra-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:ntfsprogs-extra-2021.8.22-lp152.5.3.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":7.8,"baseSeverity":"HIGH","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","version":"3.1"},"products":["openSUSE Leap 15.2:libntfs-3g-devel-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:libntfs-3g-devel-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:libntfs-3g87-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:libntfs-3g87-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:ntfs-3g-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:ntfs-3g-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:ntfsprogs-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:ntfsprogs-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:ntfsprogs-extra-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:ntfsprogs-extra-2021.8.22-lp152.5.3.1.x86_64"]}],"threats":[{"category":"impact","date":"2021-09-09T06:21:47Z","details":"important"}],"title":"CVE-2021-33287"},{"cve":"CVE-2021-33289","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2021-33289"}],"notes":[{"category":"general","text":"In NTFS-3G versions < 2021.8.22, when a specially crafted MFT section is supplied in an NTFS image a heap buffer overflow can occur and allow for code execution.","title":"CVE description"}],"product_status":{"recommended":["openSUSE Leap 15.2:libntfs-3g-devel-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:libntfs-3g-devel-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:libntfs-3g87-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:libntfs-3g87-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:ntfs-3g-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:ntfs-3g-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:ntfsprogs-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:ntfsprogs-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:ntfsprogs-extra-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:ntfsprogs-extra-2021.8.22-lp152.5.3.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2021-33289","url":"https://www.suse.com/security/cve/CVE-2021-33289"},{"category":"external","summary":"SUSE Bug 1189720 for CVE-2021-33289","url":"https://bugzilla.suse.com/1189720"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["openSUSE Leap 15.2:libntfs-3g-devel-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:libntfs-3g-devel-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:libntfs-3g87-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:libntfs-3g87-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:ntfs-3g-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:ntfs-3g-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:ntfsprogs-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:ntfsprogs-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:ntfsprogs-extra-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:ntfsprogs-extra-2021.8.22-lp152.5.3.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":7.8,"baseSeverity":"HIGH","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","version":"3.1"},"products":["openSUSE Leap 15.2:libntfs-3g-devel-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:libntfs-3g-devel-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:libntfs-3g87-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:libntfs-3g87-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:ntfs-3g-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:ntfs-3g-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:ntfsprogs-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:ntfsprogs-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:ntfsprogs-extra-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:ntfsprogs-extra-2021.8.22-lp152.5.3.1.x86_64"]}],"threats":[{"category":"impact","date":"2021-09-09T06:21:47Z","details":"important"}],"title":"CVE-2021-33289"},{"cve":"CVE-2021-35266","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2021-35266"}],"notes":[{"category":"general","text":"In NTFS-3G versions < 2021.8.22, when a specially crafted NTFS inode pathname is supplied in an NTFS image a heap buffer overflow can occur resulting in memory disclosure, denial of service and even code execution.","title":"CVE description"}],"product_status":{"recommended":["openSUSE Leap 15.2:libntfs-3g-devel-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:libntfs-3g-devel-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:libntfs-3g87-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:libntfs-3g87-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:ntfs-3g-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:ntfs-3g-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:ntfsprogs-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:ntfsprogs-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:ntfsprogs-extra-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:ntfsprogs-extra-2021.8.22-lp152.5.3.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2021-35266","url":"https://www.suse.com/security/cve/CVE-2021-35266"},{"category":"external","summary":"SUSE Bug 1189720 for CVE-2021-35266","url":"https://bugzilla.suse.com/1189720"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["openSUSE Leap 15.2:libntfs-3g-devel-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:libntfs-3g-devel-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:libntfs-3g87-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:libntfs-3g87-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:ntfs-3g-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:ntfs-3g-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:ntfsprogs-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:ntfsprogs-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:ntfsprogs-extra-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:ntfsprogs-extra-2021.8.22-lp152.5.3.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":7.8,"baseSeverity":"HIGH","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","version":"3.1"},"products":["openSUSE Leap 15.2:libntfs-3g-devel-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:libntfs-3g-devel-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:libntfs-3g87-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:libntfs-3g87-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:ntfs-3g-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:ntfs-3g-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:ntfsprogs-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:ntfsprogs-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:ntfsprogs-extra-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:ntfsprogs-extra-2021.8.22-lp152.5.3.1.x86_64"]}],"threats":[{"category":"impact","date":"2021-09-09T06:21:47Z","details":"important"}],"title":"CVE-2021-35266"},{"cve":"CVE-2021-35267","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2021-35267"}],"notes":[{"category":"general","text":"NTFS-3G versions < 2021.8.22, a stack buffer overflow can occur when correcting differences in the MFT and MFTMirror allowing for code execution or escalation of privileges when setuid-root.","title":"CVE description"}],"product_status":{"recommended":["openSUSE Leap 15.2:libntfs-3g-devel-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:libntfs-3g-devel-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:libntfs-3g87-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:libntfs-3g87-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:ntfs-3g-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:ntfs-3g-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:ntfsprogs-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:ntfsprogs-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:ntfsprogs-extra-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:ntfsprogs-extra-2021.8.22-lp152.5.3.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2021-35267","url":"https://www.suse.com/security/cve/CVE-2021-35267"},{"category":"external","summary":"SUSE Bug 1189720 for CVE-2021-35267","url":"https://bugzilla.suse.com/1189720"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["openSUSE Leap 15.2:libntfs-3g-devel-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:libntfs-3g-devel-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:libntfs-3g87-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:libntfs-3g87-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:ntfs-3g-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:ntfs-3g-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:ntfsprogs-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:ntfsprogs-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:ntfsprogs-extra-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:ntfsprogs-extra-2021.8.22-lp152.5.3.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":7.8,"baseSeverity":"HIGH","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","version":"3.1"},"products":["openSUSE Leap 15.2:libntfs-3g-devel-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:libntfs-3g-devel-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:libntfs-3g87-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:libntfs-3g87-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:ntfs-3g-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:ntfs-3g-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:ntfsprogs-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:ntfsprogs-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:ntfsprogs-extra-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:ntfsprogs-extra-2021.8.22-lp152.5.3.1.x86_64"]}],"threats":[{"category":"impact","date":"2021-09-09T06:21:47Z","details":"important"}],"title":"CVE-2021-35267"},{"cve":"CVE-2021-35268","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2021-35268"}],"notes":[{"category":"general","text":"In NTFS-3G versions < 2021.8.22, when a specially crafted NTFS inode is loaded in the function ntfs_inode_real_open, a heap buffer overflow can occur allowing for code execution and escalation of privileges.","title":"CVE description"}],"product_status":{"recommended":["openSUSE Leap 15.2:libntfs-3g-devel-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:libntfs-3g-devel-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:libntfs-3g87-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:libntfs-3g87-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:ntfs-3g-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:ntfs-3g-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:ntfsprogs-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:ntfsprogs-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:ntfsprogs-extra-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:ntfsprogs-extra-2021.8.22-lp152.5.3.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2021-35268","url":"https://www.suse.com/security/cve/CVE-2021-35268"},{"category":"external","summary":"SUSE Bug 1189720 for CVE-2021-35268","url":"https://bugzilla.suse.com/1189720"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["openSUSE Leap 15.2:libntfs-3g-devel-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:libntfs-3g-devel-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:libntfs-3g87-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:libntfs-3g87-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:ntfs-3g-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:ntfs-3g-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:ntfsprogs-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:ntfsprogs-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:ntfsprogs-extra-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:ntfsprogs-extra-2021.8.22-lp152.5.3.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":7.8,"baseSeverity":"HIGH","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","version":"3.1"},"products":["openSUSE Leap 15.2:libntfs-3g-devel-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:libntfs-3g-devel-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:libntfs-3g87-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:libntfs-3g87-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:ntfs-3g-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:ntfs-3g-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:ntfsprogs-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:ntfsprogs-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:ntfsprogs-extra-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:ntfsprogs-extra-2021.8.22-lp152.5.3.1.x86_64"]}],"threats":[{"category":"impact","date":"2021-09-09T06:21:47Z","details":"important"}],"title":"CVE-2021-35268"},{"cve":"CVE-2021-35269","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2021-35269"}],"notes":[{"category":"general","text":"NTFS-3G versions < 2021.8.22, when a specially crafted NTFS attribute from the MFT is setup in the function ntfs_attr_setup_flag, a heap buffer overflow can occur allowing for code execution and escalation of privileges.","title":"CVE description"}],"product_status":{"recommended":["openSUSE Leap 15.2:libntfs-3g-devel-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:libntfs-3g-devel-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:libntfs-3g87-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:libntfs-3g87-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:ntfs-3g-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:ntfs-3g-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:ntfsprogs-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:ntfsprogs-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:ntfsprogs-extra-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:ntfsprogs-extra-2021.8.22-lp152.5.3.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2021-35269","url":"https://www.suse.com/security/cve/CVE-2021-35269"},{"category":"external","summary":"SUSE Bug 1189720 for CVE-2021-35269","url":"https://bugzilla.suse.com/1189720"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["openSUSE Leap 15.2:libntfs-3g-devel-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:libntfs-3g-devel-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:libntfs-3g87-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:libntfs-3g87-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:ntfs-3g-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:ntfs-3g-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:ntfsprogs-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:ntfsprogs-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:ntfsprogs-extra-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:ntfsprogs-extra-2021.8.22-lp152.5.3.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":7.8,"baseSeverity":"HIGH","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","version":"3.1"},"products":["openSUSE Leap 15.2:libntfs-3g-devel-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:libntfs-3g-devel-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:libntfs-3g87-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:libntfs-3g87-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:ntfs-3g-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:ntfs-3g-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:ntfsprogs-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:ntfsprogs-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:ntfsprogs-extra-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:ntfsprogs-extra-2021.8.22-lp152.5.3.1.x86_64"]}],"threats":[{"category":"impact","date":"2021-09-09T06:21:47Z","details":"important"}],"title":"CVE-2021-35269"},{"cve":"CVE-2021-39251","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2021-39251"}],"notes":[{"category":"general","text":"A crafted NTFS image can cause a NULL pointer dereference in ntfs_extent_inode_open in NTFS-3G < 2021.8.22.","title":"CVE description"}],"product_status":{"recommended":["openSUSE Leap 15.2:libntfs-3g-devel-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:libntfs-3g-devel-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:libntfs-3g87-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:libntfs-3g87-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:ntfs-3g-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:ntfs-3g-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:ntfsprogs-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:ntfsprogs-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:ntfsprogs-extra-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:ntfsprogs-extra-2021.8.22-lp152.5.3.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2021-39251","url":"https://www.suse.com/security/cve/CVE-2021-39251"},{"category":"external","summary":"SUSE Bug 1189720 for CVE-2021-39251","url":"https://bugzilla.suse.com/1189720"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["openSUSE Leap 15.2:libntfs-3g-devel-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:libntfs-3g-devel-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:libntfs-3g87-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:libntfs-3g87-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:ntfs-3g-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:ntfs-3g-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:ntfsprogs-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:ntfsprogs-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:ntfsprogs-extra-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:ntfsprogs-extra-2021.8.22-lp152.5.3.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":7.8,"baseSeverity":"HIGH","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","version":"3.1"},"products":["openSUSE Leap 15.2:libntfs-3g-devel-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:libntfs-3g-devel-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:libntfs-3g87-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:libntfs-3g87-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:ntfs-3g-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:ntfs-3g-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:ntfsprogs-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:ntfsprogs-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:ntfsprogs-extra-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:ntfsprogs-extra-2021.8.22-lp152.5.3.1.x86_64"]}],"threats":[{"category":"impact","date":"2021-09-09T06:21:47Z","details":"important"}],"title":"CVE-2021-39251"},{"cve":"CVE-2021-39252","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2021-39252"}],"notes":[{"category":"general","text":"A crafted NTFS image can cause an out-of-bounds read in ntfs_ie_lookup in NTFS-3G < 2021.8.22.","title":"CVE description"}],"product_status":{"recommended":["openSUSE Leap 15.2:libntfs-3g-devel-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:libntfs-3g-devel-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:libntfs-3g87-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:libntfs-3g87-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:ntfs-3g-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:ntfs-3g-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:ntfsprogs-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:ntfsprogs-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:ntfsprogs-extra-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:ntfsprogs-extra-2021.8.22-lp152.5.3.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2021-39252","url":"https://www.suse.com/security/cve/CVE-2021-39252"},{"category":"external","summary":"SUSE Bug 1189720 for CVE-2021-39252","url":"https://bugzilla.suse.com/1189720"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["openSUSE Leap 15.2:libntfs-3g-devel-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:libntfs-3g-devel-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:libntfs-3g87-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:libntfs-3g87-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:ntfs-3g-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:ntfs-3g-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:ntfsprogs-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:ntfsprogs-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:ntfsprogs-extra-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:ntfsprogs-extra-2021.8.22-lp152.5.3.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":7.8,"baseSeverity":"HIGH","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","version":"3.1"},"products":["openSUSE Leap 15.2:libntfs-3g-devel-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:libntfs-3g-devel-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:libntfs-3g87-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:libntfs-3g87-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:ntfs-3g-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:ntfs-3g-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:ntfsprogs-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:ntfsprogs-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:ntfsprogs-extra-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:ntfsprogs-extra-2021.8.22-lp152.5.3.1.x86_64"]}],"threats":[{"category":"impact","date":"2021-09-09T06:21:47Z","details":"important"}],"title":"CVE-2021-39252"},{"cve":"CVE-2021-39253","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2021-39253"}],"notes":[{"category":"general","text":"A crafted NTFS image can cause an out-of-bounds read in ntfs_runlists_merge_i in NTFS-3G < 2021.8.22.","title":"CVE description"}],"product_status":{"recommended":["openSUSE Leap 15.2:libntfs-3g-devel-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:libntfs-3g-devel-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:libntfs-3g87-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:libntfs-3g87-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:ntfs-3g-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:ntfs-3g-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:ntfsprogs-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:ntfsprogs-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:ntfsprogs-extra-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:ntfsprogs-extra-2021.8.22-lp152.5.3.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2021-39253","url":"https://www.suse.com/security/cve/CVE-2021-39253"},{"category":"external","summary":"SUSE Bug 1189720 for CVE-2021-39253","url":"https://bugzilla.suse.com/1189720"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["openSUSE Leap 15.2:libntfs-3g-devel-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:libntfs-3g-devel-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:libntfs-3g87-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:libntfs-3g87-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:ntfs-3g-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:ntfs-3g-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:ntfsprogs-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:ntfsprogs-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:ntfsprogs-extra-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:ntfsprogs-extra-2021.8.22-lp152.5.3.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":7.8,"baseSeverity":"HIGH","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","version":"3.1"},"products":["openSUSE Leap 15.2:libntfs-3g-devel-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:libntfs-3g-devel-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:libntfs-3g87-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:libntfs-3g87-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:ntfs-3g-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:ntfs-3g-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:ntfsprogs-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:ntfsprogs-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:ntfsprogs-extra-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:ntfsprogs-extra-2021.8.22-lp152.5.3.1.x86_64"]}],"threats":[{"category":"impact","date":"2021-09-09T06:21:47Z","details":"important"}],"title":"CVE-2021-39253"},{"cve":"CVE-2021-39255","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2021-39255"}],"notes":[{"category":"general","text":"A crafted NTFS image can trigger an out-of-bounds read, caused by an invalid attribute in ntfs_attr_find_in_attrdef, in NTFS-3G < 2021.8.22.","title":"CVE description"}],"product_status":{"recommended":["openSUSE Leap 15.2:libntfs-3g-devel-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:libntfs-3g-devel-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:libntfs-3g87-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:libntfs-3g87-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:ntfs-3g-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:ntfs-3g-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:ntfsprogs-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:ntfsprogs-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:ntfsprogs-extra-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:ntfsprogs-extra-2021.8.22-lp152.5.3.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2021-39255","url":"https://www.suse.com/security/cve/CVE-2021-39255"},{"category":"external","summary":"SUSE Bug 1189720 for CVE-2021-39255","url":"https://bugzilla.suse.com/1189720"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["openSUSE Leap 15.2:libntfs-3g-devel-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:libntfs-3g-devel-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:libntfs-3g87-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:libntfs-3g87-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:ntfs-3g-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:ntfs-3g-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:ntfsprogs-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:ntfsprogs-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:ntfsprogs-extra-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:ntfsprogs-extra-2021.8.22-lp152.5.3.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":7.8,"baseSeverity":"HIGH","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","version":"3.1"},"products":["openSUSE Leap 15.2:libntfs-3g-devel-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:libntfs-3g-devel-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:libntfs-3g87-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:libntfs-3g87-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:ntfs-3g-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:ntfs-3g-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:ntfsprogs-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:ntfsprogs-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:ntfsprogs-extra-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:ntfsprogs-extra-2021.8.22-lp152.5.3.1.x86_64"]}],"threats":[{"category":"impact","date":"2021-09-09T06:21:47Z","details":"important"}],"title":"CVE-2021-39255"},{"cve":"CVE-2021-39256","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2021-39256"}],"notes":[{"category":"general","text":"A crafted NTFS image can cause a heap-based buffer overflow in ntfs_inode_lookup_by_name in NTFS-3G < 2021.8.22.","title":"CVE description"}],"product_status":{"recommended":["openSUSE Leap 15.2:libntfs-3g-devel-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:libntfs-3g-devel-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:libntfs-3g87-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:libntfs-3g87-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:ntfs-3g-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:ntfs-3g-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:ntfsprogs-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:ntfsprogs-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:ntfsprogs-extra-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:ntfsprogs-extra-2021.8.22-lp152.5.3.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2021-39256","url":"https://www.suse.com/security/cve/CVE-2021-39256"},{"category":"external","summary":"SUSE Bug 1189720 for CVE-2021-39256","url":"https://bugzilla.suse.com/1189720"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["openSUSE Leap 15.2:libntfs-3g-devel-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:libntfs-3g-devel-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:libntfs-3g87-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:libntfs-3g87-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:ntfs-3g-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:ntfs-3g-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:ntfsprogs-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:ntfsprogs-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:ntfsprogs-extra-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:ntfsprogs-extra-2021.8.22-lp152.5.3.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":7.8,"baseSeverity":"HIGH","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","version":"3.1"},"products":["openSUSE Leap 15.2:libntfs-3g-devel-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:libntfs-3g-devel-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:libntfs-3g87-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:libntfs-3g87-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:ntfs-3g-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:ntfs-3g-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:ntfsprogs-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:ntfsprogs-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:ntfsprogs-extra-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:ntfsprogs-extra-2021.8.22-lp152.5.3.1.x86_64"]}],"threats":[{"category":"impact","date":"2021-09-09T06:21:47Z","details":"important"}],"title":"CVE-2021-39256"},{"cve":"CVE-2021-39257","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2021-39257"}],"notes":[{"category":"general","text":"A crafted NTFS image with an unallocated bitmap can lead to a endless recursive function call chain (starting from ntfs_attr_pwrite), causing stack consumption in NTFS-3G < 2021.8.22.","title":"CVE description"}],"product_status":{"recommended":["openSUSE Leap 15.2:libntfs-3g-devel-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:libntfs-3g-devel-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:libntfs-3g87-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:libntfs-3g87-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:ntfs-3g-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:ntfs-3g-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:ntfsprogs-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:ntfsprogs-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:ntfsprogs-extra-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:ntfsprogs-extra-2021.8.22-lp152.5.3.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2021-39257","url":"https://www.suse.com/security/cve/CVE-2021-39257"},{"category":"external","summary":"SUSE Bug 1189720 for CVE-2021-39257","url":"https://bugzilla.suse.com/1189720"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["openSUSE Leap 15.2:libntfs-3g-devel-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:libntfs-3g-devel-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:libntfs-3g87-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:libntfs-3g87-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:ntfs-3g-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:ntfs-3g-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:ntfsprogs-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:ntfsprogs-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:ntfsprogs-extra-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:ntfsprogs-extra-2021.8.22-lp152.5.3.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":5.5,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","version":"3.1"},"products":["openSUSE Leap 15.2:libntfs-3g-devel-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:libntfs-3g-devel-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:libntfs-3g87-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:libntfs-3g87-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:ntfs-3g-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:ntfs-3g-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:ntfsprogs-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:ntfsprogs-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:ntfsprogs-extra-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:ntfsprogs-extra-2021.8.22-lp152.5.3.1.x86_64"]}],"threats":[{"category":"impact","date":"2021-09-09T06:21:47Z","details":"important"}],"title":"CVE-2021-39257"},{"cve":"CVE-2021-39258","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2021-39258"}],"notes":[{"category":"general","text":"A crafted NTFS image can cause out-of-bounds reads in ntfs_attr_find and ntfs_external_attr_find in NTFS-3G < 2021.8.22.","title":"CVE description"}],"product_status":{"recommended":["openSUSE Leap 15.2:libntfs-3g-devel-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:libntfs-3g-devel-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:libntfs-3g87-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:libntfs-3g87-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:ntfs-3g-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:ntfs-3g-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:ntfsprogs-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:ntfsprogs-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:ntfsprogs-extra-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:ntfsprogs-extra-2021.8.22-lp152.5.3.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2021-39258","url":"https://www.suse.com/security/cve/CVE-2021-39258"},{"category":"external","summary":"SUSE Bug 1189720 for CVE-2021-39258","url":"https://bugzilla.suse.com/1189720"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["openSUSE Leap 15.2:libntfs-3g-devel-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:libntfs-3g-devel-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:libntfs-3g87-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:libntfs-3g87-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:ntfs-3g-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:ntfs-3g-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:ntfsprogs-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:ntfsprogs-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:ntfsprogs-extra-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:ntfsprogs-extra-2021.8.22-lp152.5.3.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":7.8,"baseSeverity":"HIGH","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","version":"3.1"},"products":["openSUSE Leap 15.2:libntfs-3g-devel-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:libntfs-3g-devel-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:libntfs-3g87-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:libntfs-3g87-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:ntfs-3g-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:ntfs-3g-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:ntfsprogs-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:ntfsprogs-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:ntfsprogs-extra-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:ntfsprogs-extra-2021.8.22-lp152.5.3.1.x86_64"]}],"threats":[{"category":"impact","date":"2021-09-09T06:21:47Z","details":"important"}],"title":"CVE-2021-39258"},{"cve":"CVE-2021-39259","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2021-39259"}],"notes":[{"category":"general","text":"A crafted NTFS image can trigger an out-of-bounds access, caused by an unsanitized attribute length in ntfs_inode_lookup_by_name, in NTFS-3G < 2021.8.22.","title":"CVE description"}],"product_status":{"recommended":["openSUSE Leap 15.2:libntfs-3g-devel-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:libntfs-3g-devel-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:libntfs-3g87-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:libntfs-3g87-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:ntfs-3g-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:ntfs-3g-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:ntfsprogs-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:ntfsprogs-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:ntfsprogs-extra-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:ntfsprogs-extra-2021.8.22-lp152.5.3.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2021-39259","url":"https://www.suse.com/security/cve/CVE-2021-39259"},{"category":"external","summary":"SUSE Bug 1189720 for CVE-2021-39259","url":"https://bugzilla.suse.com/1189720"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["openSUSE Leap 15.2:libntfs-3g-devel-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:libntfs-3g-devel-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:libntfs-3g87-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:libntfs-3g87-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:ntfs-3g-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:ntfs-3g-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:ntfsprogs-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:ntfsprogs-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:ntfsprogs-extra-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:ntfsprogs-extra-2021.8.22-lp152.5.3.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":7.8,"baseSeverity":"HIGH","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","version":"3.1"},"products":["openSUSE Leap 15.2:libntfs-3g-devel-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:libntfs-3g-devel-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:libntfs-3g87-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:libntfs-3g87-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:ntfs-3g-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:ntfs-3g-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:ntfsprogs-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:ntfsprogs-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:ntfsprogs-extra-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:ntfsprogs-extra-2021.8.22-lp152.5.3.1.x86_64"]}],"threats":[{"category":"impact","date":"2021-09-09T06:21:47Z","details":"important"}],"title":"CVE-2021-39259"},{"cve":"CVE-2021-39260","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2021-39260"}],"notes":[{"category":"general","text":"A crafted NTFS image can cause an out-of-bounds access in ntfs_inode_sync_standard_information in NTFS-3G < 2021.8.22.","title":"CVE description"}],"product_status":{"recommended":["openSUSE Leap 15.2:libntfs-3g-devel-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:libntfs-3g-devel-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:libntfs-3g87-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:libntfs-3g87-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:ntfs-3g-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:ntfs-3g-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:ntfsprogs-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:ntfsprogs-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:ntfsprogs-extra-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:ntfsprogs-extra-2021.8.22-lp152.5.3.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2021-39260","url":"https://www.suse.com/security/cve/CVE-2021-39260"},{"category":"external","summary":"SUSE Bug 1189720 for CVE-2021-39260","url":"https://bugzilla.suse.com/1189720"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["openSUSE Leap 15.2:libntfs-3g-devel-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:libntfs-3g-devel-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:libntfs-3g87-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:libntfs-3g87-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:ntfs-3g-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:ntfs-3g-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:ntfsprogs-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:ntfsprogs-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:ntfsprogs-extra-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:ntfsprogs-extra-2021.8.22-lp152.5.3.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":7.8,"baseSeverity":"HIGH","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","version":"3.1"},"products":["openSUSE Leap 15.2:libntfs-3g-devel-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:libntfs-3g-devel-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:libntfs-3g87-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:libntfs-3g87-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:ntfs-3g-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:ntfs-3g-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:ntfsprogs-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:ntfsprogs-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:ntfsprogs-extra-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:ntfsprogs-extra-2021.8.22-lp152.5.3.1.x86_64"]}],"threats":[{"category":"impact","date":"2021-09-09T06:21:47Z","details":"important"}],"title":"CVE-2021-39260"},{"cve":"CVE-2021-39261","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2021-39261"}],"notes":[{"category":"general","text":"A crafted NTFS image can cause a heap-based buffer overflow in ntfs_compressed_pwrite in NTFS-3G < 2021.8.22.","title":"CVE description"}],"product_status":{"recommended":["openSUSE Leap 15.2:libntfs-3g-devel-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:libntfs-3g-devel-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:libntfs-3g87-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:libntfs-3g87-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:ntfs-3g-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:ntfs-3g-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:ntfsprogs-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:ntfsprogs-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:ntfsprogs-extra-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:ntfsprogs-extra-2021.8.22-lp152.5.3.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2021-39261","url":"https://www.suse.com/security/cve/CVE-2021-39261"},{"category":"external","summary":"SUSE Bug 1189720 for CVE-2021-39261","url":"https://bugzilla.suse.com/1189720"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["openSUSE Leap 15.2:libntfs-3g-devel-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:libntfs-3g-devel-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:libntfs-3g87-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:libntfs-3g87-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:ntfs-3g-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:ntfs-3g-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:ntfsprogs-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:ntfsprogs-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:ntfsprogs-extra-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:ntfsprogs-extra-2021.8.22-lp152.5.3.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":7.8,"baseSeverity":"HIGH","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","version":"3.1"},"products":["openSUSE Leap 15.2:libntfs-3g-devel-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:libntfs-3g-devel-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:libntfs-3g87-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:libntfs-3g87-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:ntfs-3g-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:ntfs-3g-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:ntfsprogs-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:ntfsprogs-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:ntfsprogs-extra-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:ntfsprogs-extra-2021.8.22-lp152.5.3.1.x86_64"]}],"threats":[{"category":"impact","date":"2021-09-09T06:21:47Z","details":"important"}],"title":"CVE-2021-39261"},{"cve":"CVE-2021-39262","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2021-39262"}],"notes":[{"category":"general","text":"A crafted NTFS image can cause an out-of-bounds access in ntfs_decompress in NTFS-3G < 2021.8.22.","title":"CVE description"}],"product_status":{"recommended":["openSUSE Leap 15.2:libntfs-3g-devel-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:libntfs-3g-devel-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:libntfs-3g87-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:libntfs-3g87-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:ntfs-3g-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:ntfs-3g-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:ntfsprogs-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:ntfsprogs-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:ntfsprogs-extra-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:ntfsprogs-extra-2021.8.22-lp152.5.3.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2021-39262","url":"https://www.suse.com/security/cve/CVE-2021-39262"},{"category":"external","summary":"SUSE Bug 1189720 for CVE-2021-39262","url":"https://bugzilla.suse.com/1189720"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["openSUSE Leap 15.2:libntfs-3g-devel-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:libntfs-3g-devel-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:libntfs-3g87-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:libntfs-3g87-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:ntfs-3g-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:ntfs-3g-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:ntfsprogs-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:ntfsprogs-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:ntfsprogs-extra-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:ntfsprogs-extra-2021.8.22-lp152.5.3.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":7.8,"baseSeverity":"HIGH","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","version":"3.1"},"products":["openSUSE Leap 15.2:libntfs-3g-devel-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:libntfs-3g-devel-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:libntfs-3g87-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:libntfs-3g87-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:ntfs-3g-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:ntfs-3g-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:ntfsprogs-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:ntfsprogs-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:ntfsprogs-extra-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:ntfsprogs-extra-2021.8.22-lp152.5.3.1.x86_64"]}],"threats":[{"category":"impact","date":"2021-09-09T06:21:47Z","details":"important"}],"title":"CVE-2021-39262"},{"cve":"CVE-2021-39263","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2021-39263"}],"notes":[{"category":"general","text":"A crafted NTFS image can trigger a heap-based buffer overflow, caused by an unsanitized attribute in ntfs_get_attribute_value, in NTFS-3G < 2021.8.22.","title":"CVE description"}],"product_status":{"recommended":["openSUSE Leap 15.2:libntfs-3g-devel-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:libntfs-3g-devel-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:libntfs-3g87-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:libntfs-3g87-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:ntfs-3g-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:ntfs-3g-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:ntfsprogs-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:ntfsprogs-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:ntfsprogs-extra-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:ntfsprogs-extra-2021.8.22-lp152.5.3.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2021-39263","url":"https://www.suse.com/security/cve/CVE-2021-39263"},{"category":"external","summary":"SUSE Bug 1189720 for CVE-2021-39263","url":"https://bugzilla.suse.com/1189720"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["openSUSE Leap 15.2:libntfs-3g-devel-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:libntfs-3g-devel-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:libntfs-3g87-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:libntfs-3g87-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:ntfs-3g-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:ntfs-3g-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:ntfsprogs-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:ntfsprogs-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:ntfsprogs-extra-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:ntfsprogs-extra-2021.8.22-lp152.5.3.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":7.8,"baseSeverity":"HIGH","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","version":"3.1"},"products":["openSUSE Leap 15.2:libntfs-3g-devel-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:libntfs-3g-devel-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:libntfs-3g87-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:libntfs-3g87-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:ntfs-3g-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:ntfs-3g-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:ntfsprogs-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:ntfsprogs-2021.8.22-lp152.5.3.1.x86_64","openSUSE Leap 15.2:ntfsprogs-extra-2021.8.22-lp152.5.3.1.i586","openSUSE Leap 15.2:ntfsprogs-extra-2021.8.22-lp152.5.3.1.x86_64"]}],"threats":[{"category":"impact","date":"2021-09-09T06:21:47Z","details":"important"}],"title":"CVE-2021-39263"}]}