SUSE-SU-2015:1341-1

Published: 29 Jun 2015
Source: suse-cvrf

Description

Security update for e2fsprogs

Two security issues were fixed in e2fsprogs:

Security issues fixed:

  • CVE-2015-0247: Various heap overflows were fixed in e2fsprogs (fsck, dumpe2fs, e2image...).
  • CVE-2015-1572: Fixed a potential buffer overflow in closefs() (bsc#918346)

Package list

SUSE Linux Enterprise Desktop 12
  • e2fsprogs-1.42.11-7.1
  • libcom_err2-1.42.11-7.1
  • libcom_err2-32bit-1.42.11-7.1
  • libext2fs2-1.42.11-7.1

SUSE Linux Enterprise Server 12
  • e2fsprogs-1.42.11-7.1
  • libcom_err2-1.42.11-7.1
  • libcom_err2-32bit-1.42.11-7.1
  • libext2fs2-1.42.11-7.1

SUSE Linux Enterprise Server for SAP Applications 12
  • e2fsprogs-1.42.11-7.1
  • libcom_err2-1.42.11-7.1
  • libcom_err2-32bit-1.42.11-7.1
  • libext2fs2-1.42.11-7.1

SUSE Linux Enterprise Software Development Kit 12
  • e2fsprogs-devel-1.42.11-7.1
  • libcom_err-devel-1.42.11-7.1
  • libext2fs-devel-1.42.11-7.1

Description

Heap-based buffer overflow in openfs.c in the libext2fs library in e2fsprogs before 1.42.12 allows local users to execute arbitrary code via crafted block group descriptor data in a filesystem image.


Affected products
SUSE Linux Enterprise Desktop 12:e2fsprogs-1.42.11-7.1
SUSE Linux Enterprise Desktop 12:libcom_err2-1.42.11-7.1
SUSE Linux Enterprise Desktop 12:libcom_err2-32bit-1.42.11-7.1
SUSE Linux Enterprise Desktop 12:libext2fs2-1.42.11-7.1

Description

Heap-based buffer overflow in closefs.c in the libext2fs library in e2fsprogs before 1.42.12 allows local users to execute arbitrary code by causing a crafted block group descriptor to be marked as dirty. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-0247.


Affected products
SUSE Linux Enterprise Desktop 12:e2fsprogs-1.42.11-7.1
SUSE Linux Enterprise Desktop 12:libcom_err2-1.42.11-7.1
SUSE Linux Enterprise Desktop 12:libcom_err2-32bit-1.42.11-7.1
SUSE Linux Enterprise Desktop 12:libext2fs2-1.42.11-7.1
