Univention Bugzilla – Bug 37744
e2fsprogs: Buffer overflow (4.0)
Last modified: 2015-09-23 17:11:18 CEST
CVE-2015-0247 A buffer overflow in processing malformed ext2 filesystems might result in the execution of arbitrary code. This has low impact; exploiting it would require a significant amount of social engineering.
CVE-2015-0247: potential buffer overflow in closefs() (incomplete fix for above)
This should have been: CVE-2015-1572: incomplete fix for CVE-2015-0247
Fixed in upstream Debian package version 1.42.5-1.1+deb7u1
1.42.5-1.1+deb7u1 imported from wheezy and built in errata4.0-3. YAML: 2015-09-11-e2fsprogs.yaml
OK: DEBIAN_FRONTEND=noninteractive apt-get install -y e2fsprogs
OK: /usr/share/doc/e2fsprogs/changelog.Debian.gz
OK: r63648 + r63650 / 2015-09-11-e2fsprogs.yaml / CVE…
OK: Tests:
* resize2fs /dev/root && echo OK
* e2label /dev/root root && ls -l /dev/disk/by-label/root /dev/root
* touch /forcefsck; reboot → "Checking root file system... fsck..."
<http://errata.software-univention.de/ucs/4.0/322.html>