| Errata ID | 322 |
|---|---|
| Date | 2015-09-23 |
| Source package | e2fsprogs |
| Fixed in version | 1.42.5-1.1.42.201509111046 |
| Description | Multiple security vulnerabilities have been fixed in e2fsprogs: (1) Heap-based buffer overflow in openfs.c in the libext2fs library in e2fsprogs before 1.42.12 allows local users to execute arbitrary code via crafted block group descriptor data in a filesystem image (CVE-2015-0247). (2) Heap-based buffer overflow in closefs.c in the libext2fs library in e2fsprogs before 1.42.12 allows local users to execute arbitrary code by causing a crafted block group descriptor to be marked as dirty (CVE-2015-1572). NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-0247. |
| Additional notes | |
| CVE ID | CVE-2015-0247, CVE-2015-1572 |
| UCS Bug number | #37744 |
