From the upstream commit :
The bug fix in f66e6ce4446: "libext2fs: avoid buffer overflow if s_first_meta_bg is too big" had a typo in the fix for ext2fs_closefs(). In practice most of the security exposure was from the openfs path, since this meant if there was a carefully crafted file system, buffer overrun would be triggered when the file system was opened. However, if corrupted file system didn't trip over some corruption check, and then the file system was modified via tune2fs or debugfs, such that the superblock was marked dirty and then written out via the closefs() path, it's possible that the buffer overrun could be triggered when the file system is closed.
Created e2fsprogs tracking bugs for this issue:
Affects: fedora-all [bug 1193947]
(In reply to Vasyl Kaigorodov from comment #0)
> The bug fix in f66e6ce4446: "libext2fs: avoid buffer overflow if
> s_first_meta_bg is too big" had a typo in the fix for ext2fs_closefs().
That commit is the fix for CVE-2015-0247 (see bug 1187032), so CVE-2015-1572 really is an incomplete / incorrect CVE-2015-0247 fix id. The original issue has not yet been fixed in Red Hat Enterprise Linux. Fixes for it are available in Fedora.
Compared to the original issue, this flaw requires few additional conditions that must be met to be exploited - see upstream commit comment (quoted in comment 0 above) for details.
There is no new upstream release yet. Version 1.42.13 is probably going to be next, which should include the fix for this issue.
e2fsprogs-1.42.12-3.fc21 has been pushed to the Fedora 21 stable repository. If problems still persist, please make note of it in this bug report.
e2fsprogs-1.42.12-3.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report.
This issue affects e2fsprogs packages as shipped with Red Hat Enterprise Linux 6 and 7. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.
This issue affects e4fsprogs packages as shipped with Red Hat Enterprise Linux 5. The issue is not planned to be addressed in Red Hat Enterprise Linux 5.
This issue did not affect e2fsprogs packages as shipped with Red Hat Enterprise Linux 5.