Описание
Security update for e2fsprogs
This update for e2fsprogs fixes the following issues:
Security issues fixed:
- CVE-2015-0247: Fixed couple of heap overflows in e2fsprogs (fsck, dumpe2fs, e2image...) (bsc#915402).
- CVE-2015-1572: Fixed potential buffer overflow in closefs() (bsc#918346).
Bug fixes:
- bsc#1038194: generic/405 test fails with /dev/mapper/thin-vol is inconsistent on ext4 file system.
- bsc#1009532: resize2fs hangs when trying to resize a large ext4 file system.
- bsc#960273: xfsprogs does not call %{?regenerate_initrd_post}.
Список пакетов
SUSE Linux Enterprise Module for Basesystem 15
e2fsprogs-1.43.8-4.3.1
e2fsprogs-devel-1.43.8-4.3.1
libcom_err-devel-1.43.8-4.3.1
libcom_err-devel-static-1.43.8-4.3.1
libcom_err2-1.43.8-4.3.1
libcom_err2-32bit-1.43.8-4.3.1
libext2fs-devel-1.43.8-4.3.1
libext2fs-devel-static-1.43.8-4.3.1
libext2fs2-1.43.8-4.3.1
Ссылки
- Link for SUSE-SU-2018:1987-1
- E-Mail link for SUSE-SU-2018:1987-1
- SUSE Security Ratings
- SUSE Bug 1009532
- SUSE Bug 1038194
- SUSE Bug 915402
- SUSE Bug 918346
- SUSE Bug 960273
- SUSE CVE CVE-2015-0247 page
- SUSE CVE CVE-2015-1572 page
Описание
Heap-based buffer overflow in openfs.c in the libext2fs library in e2fsprogs before 1.42.12 allows local users to execute arbitrary code via crafted block group descriptor data in a filesystem image.
Затронутые продукты
SUSE Linux Enterprise Module for Basesystem 15:e2fsprogs-1.43.8-4.3.1
SUSE Linux Enterprise Module for Basesystem 15:e2fsprogs-devel-1.43.8-4.3.1
SUSE Linux Enterprise Module for Basesystem 15:libcom_err-devel-1.43.8-4.3.1
SUSE Linux Enterprise Module for Basesystem 15:libcom_err-devel-static-1.43.8-4.3.1
Ссылки
- CVE-2015-0247
- SUSE Bug 1123790
- SUSE Bug 915402
- SUSE Bug 918346
Описание
Heap-based buffer overflow in closefs.c in the libext2fs library in e2fsprogs before 1.42.12 allows local users to execute arbitrary code by causing a crafted block group descriptor to be marked as dirty. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-0247.
Затронутые продукты
SUSE Linux Enterprise Module for Basesystem 15:e2fsprogs-1.43.8-4.3.1
SUSE Linux Enterprise Module for Basesystem 15:e2fsprogs-devel-1.43.8-4.3.1
SUSE Linux Enterprise Module for Basesystem 15:libcom_err-devel-1.43.8-4.3.1
SUSE Linux Enterprise Module for Basesystem 15:libcom_err-devel-static-1.43.8-4.3.1
Ссылки
- CVE-2015-1572
- SUSE Bug 1123790
- SUSE Bug 915402
- SUSE Bug 918346