Bug 1193945 (CVE-2015-1572)
Summary: | CVE-2015-1572 e2fsprogs: potential buffer overflow in closefs() (incomplete CVE-2015-0247 fix) | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Vasyl Kaigorodov <vkaigoro> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED WONTFIX | QA Contact: | |
Severity: | low | Docs Contact: | |
Priority: | low | ||
Version: | unspecified | CC: | esandeen, josef, kzak, mmilgram, oliver, sct, slawomir |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: |
A heap-based buffer overflow flaw was found in e2fsprogs. A specially crafted Ext2/3/4 file system could cause an application using the ext2fs library (for example, fsck) to crash or, possibly, execute arbitrary code.
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | 2016-06-10 20:56:09 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 1193947 | ||
Bug Blocks: | 1187035, 1193946 |
Description
Vasyl Kaigorodov
2015-02-18 15:36:40 UTC
Created e2fsprogs tracking bugs for this issue: Affects: fedora-all [bug 1193947] (In reply to Vasyl Kaigorodov from comment #0) > The bug fix in f66e6ce4446: "libext2fs: avoid buffer overflow if > s_first_meta_bg is too big" had a typo in the fix for ext2fs_closefs(). That commit is the fix for CVE-2015-0247 (see bug 1187032), so CVE-2015-1572 really is an incomplete / incorrect CVE-2015-0247 fix id. The original issue has not yet been fixed in Red Hat Enterprise Linux. Fixes for it are available in Fedora. Compared to the original issue, this flaw requires few additional conditions that must be met to be exploited - see upstream commit comment (quoted in comment 0 above) for details. There is no new upstream release yet. Version 1.42.13 is probably going to be next, which should include the fix for this issue. e2fsprogs-1.42.12-3.fc21 has been pushed to the Fedora 21 stable repository. If problems still persist, please make note of it in this bug report. e2fsprogs-1.42.12-3.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report. Statement: This issue affects e2fsprogs packages as shipped with Red Hat Enterprise Linux 6 and 7. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/. This issue affects e4fsprogs packages as shipped with Red Hat Enterprise Linux 5. The issue is not planned to be addressed in Red Hat Enterprise Linux 5. This issue did not affect e2fsprogs packages as shipped with Red Hat Enterprise Linux 5. |