Description
Security update for dosfstools
This update for dosfstools fixes the following issues:
- fixed buffer overflows based on insufficient size of variable for storing FAT size (CVE-2016-4804, boo#980377)
  - dosfstools-3.0.26-read-fat-overflow.patch
- fixed memory corruption when setting FAT12 entries (CVE-2015-8872, boo#980364)
  - dosfstools-3.0.26-off-by-2.patch
- Fix attempt to rename root dir in fsck due to uninitialized fields [boo#912607]
- Drop gpg-offline build-time requirement; this is now handled by the local source validator
Package list
openSUSE Leap 42.1
References
- E-Mail link for openSUSE-SU-2016:1461-1
- SUSE Security Ratings
Description
The set_fat function in fat.c in dosfstools before 4.0 might allow attackers to corrupt a FAT12 filesystem or cause a denial of service (invalid memory read and crash) by writing an odd number of clusters to the third to last entry on a FAT12 filesystem, which triggers an "off-by-two error."
Affected products
References
- CVE-2015-8872
- SUSE Bug 980364
Description
The read_boot function in boot.c in dosfstools before 4.0 allows attackers to cause a denial of service (crash) via a crafted filesystem, which triggers a heap-based buffer overflow in the (1) read_fat function or an out-of-bounds heap read in (2) get_fat function.
Affected products
References
- CVE-2016-4804
- SUSE Bug 980364
- SUSE Bug 980377