Description
Security update for e2fsprogs
Two security issues were fixed in e2fsprogs:
* CVE-2015-0247: Various heap overflows were fixed in e2fsprogs (fsck, dumpe2fs, e2image).
* CVE-2015-1572: Fixed a potential buffer overflow in closefs(). (bsc#918346)
Additionally, badblocks was enhanced to work with very large partitions. (bsc#932539)
Security Issues:
* CVE-2015-0247 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0247>
* CVE-2015-1572 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1572>
Package list
SUSE Linux Enterprise Desktop 11 SP3
e2fsprogs-1.41.9-2.10.11.1
libblkid1-2.19.1-6.62.7
libblkid1-32bit-2.19.1-6.62.7
libcom_err2-1.41.9-2.10.11.1
libcom_err2-32bit-1.41.9-2.10.11.1
libext2fs2-1.41.9-2.10.11.1
libuuid-devel-2.19.1-6.62.7
libuuid1-2.19.1-6.62.7
libuuid1-32bit-2.19.1-6.62.7
uuid-runtime-2.19.1-6.62.7
SUSE Linux Enterprise Server 11 SP3
e2fsprogs-1.41.9-2.10.11.1
libblkid1-2.19.1-6.62.7
libblkid1-32bit-2.19.1-6.62.7
libblkid1-x86-2.19.1-6.62.7
libcom_err2-1.41.9-2.10.11.1
libcom_err2-32bit-1.41.9-2.10.11.1
libcom_err2-x86-1.41.9-2.10.11.1
libext2fs2-1.41.9-2.10.11.1
libuuid1-2.19.1-6.62.7
libuuid1-32bit-2.19.1-6.62.7
libuuid1-x86-2.19.1-6.62.7
uuid-runtime-2.19.1-6.62.7
SUSE Linux Enterprise Server 11 SP3-TERADATA
e2fsprogs-1.41.9-2.10.11.1
libblkid1-2.19.1-6.62.7
libblkid1-32bit-2.19.1-6.62.7
libblkid1-x86-2.19.1-6.62.7
libcom_err2-1.41.9-2.10.11.1
libcom_err2-32bit-1.41.9-2.10.11.1
libcom_err2-x86-1.41.9-2.10.11.1
libext2fs2-1.41.9-2.10.11.1
libuuid1-2.19.1-6.62.7
libuuid1-32bit-2.19.1-6.62.7
libuuid1-x86-2.19.1-6.62.7
uuid-runtime-2.19.1-6.62.7
SUSE Linux Enterprise Server for SAP Applications 11 SP3
e2fsprogs-1.41.9-2.10.11.1
libblkid1-2.19.1-6.62.7
libblkid1-32bit-2.19.1-6.62.7
libblkid1-x86-2.19.1-6.62.7
libcom_err2-1.41.9-2.10.11.1
libcom_err2-32bit-1.41.9-2.10.11.1
libcom_err2-x86-1.41.9-2.10.11.1
libext2fs2-1.41.9-2.10.11.1
libuuid1-2.19.1-6.62.7
libuuid1-32bit-2.19.1-6.62.7
libuuid1-x86-2.19.1-6.62.7
uuid-runtime-2.19.1-6.62.7
SUSE Linux Enterprise Software Development Kit 11 SP3
e2fsprogs-devel-1.41.9-2.10.11.1
libblkid-devel-2.19.1-6.62.7
libblkid-devel-32bit-2.19.1-6.62.7
libcom_err-devel-1.41.9-2.10.11.1
libcom_err-devel-32bit-1.41.9-2.10.11.1
libext2fs-devel-1.41.9-2.10.11.1
libext2fs-devel-32bit-1.41.9-2.10.11.1
libext2fs2-32bit-1.41.9-2.10.11.1
libext2fs2-x86-1.41.9-2.10.11.1
libuuid-devel-2.19.1-6.62.7
libuuid-devel-32bit-2.19.1-6.62.7
References
- Link for SUSE-SU-2015:1364-1
- E-Mail link for SUSE-SU-2015:1364-1
- SUSE Security Ratings
- SUSE Bug 915402
- SUSE Bug 918346
- SUSE Bug 932539
- SUSE CVE CVE-2015-0247 page
- SUSE CVE CVE-2015-1572 page
Description
Heap-based buffer overflow in openfs.c in the libext2fs library in e2fsprogs before 1.42.12 allows local users to execute arbitrary code via crafted block group descriptor data in a filesystem image.
Affected products
SUSE Linux Enterprise Desktop 11 SP3:e2fsprogs-1.41.9-2.10.11.1
SUSE Linux Enterprise Desktop 11 SP3:libblkid1-2.19.1-6.62.7
SUSE Linux Enterprise Desktop 11 SP3:libblkid1-32bit-2.19.1-6.62.7
SUSE Linux Enterprise Desktop 11 SP3:libcom_err2-1.41.9-2.10.11.1
References
- CVE-2015-0247
- SUSE Bug 1123790
- SUSE Bug 915402
- SUSE Bug 918346
Description
Heap-based buffer overflow in closefs.c in the libext2fs library in e2fsprogs before 1.42.12 allows local users to execute arbitrary code by causing a crafted block group descriptor to be marked as dirty. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-0247.
Affected products
SUSE Linux Enterprise Desktop 11 SP3:e2fsprogs-1.41.9-2.10.11.1
SUSE Linux Enterprise Desktop 11 SP3:libblkid1-2.19.1-6.62.7
SUSE Linux Enterprise Desktop 11 SP3:libblkid1-32bit-2.19.1-6.62.7
SUSE Linux Enterprise Desktop 11 SP3:libcom_err2-1.41.9-2.10.11.1
References
- CVE-2015-1572
- SUSE Bug 1123790
- SUSE Bug 915402
- SUSE Bug 918346