Описание
Security update for e2fsprogs
This update for e2fsprogs fixes the following issues:
Security issues fixed:
- CVE-2015-0247: Fixed couple of heap overflows in e2fsprogs (fsck, dumpe2fs, e2image...) (bsc#915402).
- CVE-2015-1572: Fixed potential buffer overflow in closefs() (bsc#918346).
Bug fixes:
- bsc#1038194: generic/405 test fails with /dev/mapper/thin-vol is inconsistent on ext4 file system.
- bsc#1009532: resize2fs hangs when trying to resize a large ext4 file system.
- bsc#960273: xfsprogs does not call %{?regenerate_initrd_post}.
This update was imported from the SUSE:SLE-15:Update update project.
Список пакетов
openSUSE Leap 15.0
e2fsprogs-1.43.8-lp150.3.3.1
e2fsprogs-devel-1.43.8-lp150.3.3.1
libcom_err-devel-1.43.8-lp150.3.3.1
libcom_err-devel-32bit-1.43.8-lp150.3.3.1
libcom_err-devel-static-1.43.8-lp150.3.3.1
libcom_err2-1.43.8-lp150.3.3.1
libcom_err2-32bit-1.43.8-lp150.3.3.1
libext2fs-devel-1.43.8-lp150.3.3.1
libext2fs-devel-32bit-1.43.8-lp150.3.3.1
libext2fs-devel-static-1.43.8-lp150.3.3.1
libext2fs2-1.43.8-lp150.3.3.1
libext2fs2-32bit-1.43.8-lp150.3.3.1
Ссылки
- E-Mail link for openSUSE-SU-2018:2133-1
- SUSE Security Ratings
Описание
Heap-based buffer overflow in openfs.c in the libext2fs library in e2fsprogs before 1.42.12 allows local users to execute arbitrary code via crafted block group descriptor data in a filesystem image.
Затронутые продукты
openSUSE Leap 15.0:e2fsprogs-1.43.8-lp150.3.3.1
openSUSE Leap 15.0:e2fsprogs-devel-1.43.8-lp150.3.3.1
openSUSE Leap 15.0:libcom_err-devel-1.43.8-lp150.3.3.1
openSUSE Leap 15.0:libcom_err-devel-32bit-1.43.8-lp150.3.3.1
Ссылки
- CVE-2015-0247
- SUSE Bug 1123790
- SUSE Bug 915402
- SUSE Bug 918346
Описание
Heap-based buffer overflow in closefs.c in the libext2fs library in e2fsprogs before 1.42.12 allows local users to execute arbitrary code by causing a crafted block group descriptor to be marked as dirty. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-0247.
Затронутые продукты
openSUSE Leap 15.0:e2fsprogs-1.43.8-lp150.3.3.1
openSUSE Leap 15.0:e2fsprogs-devel-1.43.8-lp150.3.3.1
openSUSE Leap 15.0:libcom_err-devel-1.43.8-lp150.3.3.1
openSUSE Leap 15.0:libcom_err-devel-32bit-1.43.8-lp150.3.3.1
Ссылки
- CVE-2015-1572
- SUSE Bug 1123790
- SUSE Bug 915402
- SUSE Bug 918346