ELSA-2024-12730

Опубликовано: 10 окт. 2024

Источник: oracle-oval

Платформа: Oracle Linux 7

Описание

ELSA-2024-12730: e2fsprogs security update (MODERATE)

[1.45.4-3.0.7.el7]

libext2fs: add sanity check to extent manipulation (Srivathsa Dara) [Orabug: 37095032] {CVE-2022-1304}

[1.45.4-3.0.5.el7]

e2fsprogs: bump version to 1.45.4-3.0.5

[1.45.4-3.0.5]

Fix missing changelog entries to match the latest RHEL8 packages

[1.45.4-3.0.3]

Fix build scripts to generate i386 builds
Re-integrate ext2_types.h multiarch compatibility fixes.

[1.45.4-3.0.1]

Integrate patches from the 'upstream' 1.45.4 package.
Fix the version number to match Oracle standards.
Re-integrate the multiarch build kludge from RH.
Enable e2scrub package for OL8 only
Start building newer package for UEK6

[1.45.4-3]

Fix clang warning introduced in previous release (#1783777)

[1.45.4-2]

Fix ABI breakage introduced in previous release (#1783777)

[1.45.4-1]

Rebase to the release 1.45.4 (#1783777)
provide rhel6/7 compatible fs_type in mke2fs.conf (#1780279)
fix crafted ext4 partition leads to out-of-bounds write (#1768709)
include note about supported rhel8 features and options (#1788573)

[1.44.6-3]

Backport fixes from 1.45.2 (#1714927)
Fix errors in rpmdiff (#1714923)

[1.44.6-2]

Backport fixes from 1.45.1

[1.44.6-1]

Rebase to the release 1.44.6 (#1695147)
Backport fixes from 1.45.0
Add gating.yaml (#1679654)

[1.44.3-2]

Backport fixes from upstream version 1.44.4 (#1659526)

[1.44.3-1]

New upstream release

[1.43.8-2]

Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild

[1.43.8-1]

New upstream release
Fix build failure swapfs.c on big-endian

[1.43.7-1]

New upstream release

[1.43.6-1]

New upstream release

[1.43.5-2]

Bump and rebuild for an rpm signing issue

[1.43.5-1]

New upstream release

[1.43.4-4]

Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild

[1.43.4-3]

Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild

[1.43.4-2]

Add missing MIT macro

[1.43.4-1]

New upstream release

[1.43.3-1]

New upstream release

[1.43.2-1]

New upstream release (broken on i686, not built)

[1.43.1-2]

Fix e2undo endian issues (#1344636)

[1.43.1-1]

New upstream release

[1.42.13-4]

Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild

[1.42.13-3]

Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild

[1.42.13-2]

Add -fno-strict-aliasing (#1211582)

[1.42.13-1]

New upstream release

[1.42.12-5]

Don't trigger full check within time fudge window (#1202024)

[1.42.12-4]

Fix potential buffer overflow in closefs (#1193947, CVE-2015-1572)
Fix dumpe2fs segfault with no arguments (#1194063)
Don't require fsck prior to resize2fs -P (#1170803)

[1.42.12-3]

Rebuilt for Fedora 23 Change https://fedoraproject.org/wiki/Changes/Harden_all_packages_with_position-independent_code

[1.42.12-2]

Fix use after free (#1192861)
Fix time-based fsck if set in superblock (e2fsck.conf, #963283)

[1.42.12-1]

New upstream release

[1.42.11-3]

Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild

[1.42.11-2]

fix license handling

[1.42.11-1]

New upstream release

[1.42.10-5]

Rebuilt for buggy rpm 4.12 alpha - https://lists.fedoraproject.org/pipermail/devel/2014-June/200633.html

[1.42.10-4]

Add missing dependency info for quota.c - fixes build on s390(x)

[1.42.10-3]

Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild

[1.42.10-2]

Fix large file handling on 32-bit builds

[1.42.10-1]

New upstream release
Enable userspace quota

Обновленные пакеты

Oracle Linux 7

Oracle Linux aarch64

e2fsprogs

1.45.4-3.0.7.el7

e2fsprogs-devel

1.45.4-3.0.7.el7

e2fsprogs-libs

1.45.4-3.0.7.el7

e2fsprogs-static

1.45.4-3.0.7.el7

libcom_err

1.45.4-3.0.7.el7

libcom_err-devel

1.45.4-3.0.7.el7

libss

1.45.4-3.0.7.el7

libss-devel

1.45.4-3.0.7.el7

Oracle Linux x86_64

e2fsprogs

1.45.4-3.0.7.el7

e2fsprogs-devel

1.45.4-3.0.7.el7

e2fsprogs-libs

1.45.4-3.0.7.el7

e2fsprogs-static

1.45.4-3.0.7.el7

libcom_err

1.45.4-3.0.7.el7

libcom_err-devel

1.45.4-3.0.7.el7

libss

1.45.4-3.0.7.el7

libss-devel

1.45.4-3.0.7.el7

Связанные CVE

CVE-2022-1304

Ссылки на источники

Связанные уязвимости

CVE-2022-1304

CVSS3: 7.8

ubuntu

около 3 лет назад

An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5. This issue leads to a segmentation fault and possibly arbitrary code execution via a specially crafted filesystem.

CVE-2022-1304

CVSS3: 5.8

redhat

около 3 лет назад

An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5. This issue leads to a segmentation fault and possibly arbitrary code execution via a specially crafted filesystem.

CVE-2022-1304

CVSS3: 7.8

nvd

около 3 лет назад

An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5. This issue leads to a segmentation fault and possibly arbitrary code execution via a specially crafted filesystem.

CVE-2022-1304

CVSS3: 7.8

msrc

около 3 лет назад

Описание отсутствует

CVE-2022-1304

CVSS3: 7.8

debian

около 3 лет назад

An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46. ...