Bug 37744 - e2fsprogs: Buffer overflow (4.0)
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: Security updates
UCS 4.0
Other Linux
Importance: P4 normal
Target Milestone: UCS 4.0-3-errata
Assigned To: Felix Botner
QA Contact: Daniel Tröder
Depends on: 37743
Blocks:
Reported: 2015-02-10 07:32 CET by Moritz Muehlenhoff
Modified: 2015-09-23 17:11 CEST (History)
requate: Patch_Available+
Description Moritz Muehlenhoff univentionstaff 2015-02-10 07:32:53 CET
CVE-2015-0247

A buffer overflow in processing malformed ext2 filesystems might result in the execution of arbitrary code.

This has low impact; exploiting it would require a significant amount of social engineering.
Comment 1 Arvid Requate univentionstaff 2015-02-23 14:55:34 CET
CVE-2015-0247: potential buffer overflow in closefs() (incomplete fix for above)
Comment 2 Arvid Requate univentionstaff 2015-02-24 18:59:00 CET
This should have been:

CVE-2015-1572: incomplete fix for CVE-2015-0247
Comment 3 Arvid Requate univentionstaff 2015-05-06 17:20:04 CEST
Fixed in upstream Debian package version 1.42.5-1.1+deb7u1
Comment 4 Felix Botner univentionstaff 2015-09-11 10:54:50 CEST
1.42.5-1.1+deb7u1 imported from wheezy and built in errata4.0-3.

YAML: 2015-09-11-e2fsprogs.yaml
Comment 5 Daniel Tröder univentionstaff 2015-09-18 11:57:47 CEST
OK: DEBIAN_FRONTEND=noninteractive apt-get install -y e2fsprogs
OK: /usr/share/doc/e2fsprogs/changelog.Debian.gz
OK: r63648 + r63650 / 2015-09-11-e2fsprogs.yaml / CVE…
OK: Tests:
 * resize2fs /dev/root && echo OK
 * e2label /dev/root root && ls -l /dev/disk/by-label/root /dev/root
 * touch /forcefsck; reboot → "Checking root file system... fsck..."
Comment 6 Janek Walkenhorst univentionstaff 2015-09-23 17:11:18 CEST
<http://errata.software-univention.de/ucs/4.0/322.html>