ALT Linux Team

Package e2fsprogs update in sisyphus on 2015-11-17

ALT-PU-2015-2007-1

Package e2fsprogs updated to version 1.42.13-alt1 for branch sisyphus in task 153403.

Closed vulnerabilities

Published: 2015-02-17
Modified: 2025-04-12

CVE-2015-0247

Heap-based buffer overflow in openfs.c in the libext2fs library in e2fsprogs before 1.42.12 allows local users to execute arbitrary code via crafted block group descriptor data in a filesystem image.

Severity: MEDIUM (4.6) Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P
References:
Published: 2015-02-24
Modified: 2025-04-12

CVE-2015-1572

Heap-based buffer overflow in closefs.c in the libext2fs library in e2fsprogs before 1.42.12 allows local users to execute arbitrary code by causing a crafted block group descriptor to be marked as dirty. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-0247.

Severity: MEDIUM (4.6) Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P
References:
VKontakte | Telegram | YouTube | Forum | GitHub | Bugzilla
Version: 2.1.2
Back to top