[SECURITY] [DLA 162-1] e2fsprogs security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 162-1] e2fsprogs security update
From: Thorsten Alteholz <debian@alteholz.de>
Date: Sat, 28 Feb 2015 22:24:00 +0100 (CET)
Message-id: <[🔎] alpine.DEB.2.02.1502282222430.20263@jupiter.server.alteholz.net>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : e2fsprogs
Version        : 1.41.12-4+deb6u2
CVE ID         : CVE-2015-1572
Debian Bug     : 778948

ose Duart of the Google Security Team discovered a buffer overflow in
in e2fsprogs, a set of utilities for the ext2, ext3, and ext4 file
systems.  This issue can possibly lead to arbitrary code execution if
a malicious device is plugged in, the system is configured to
automatically mount it, and the mounting process chooses to run fsck
on the device's malicious filesystem.

CVE-2015-1572

    Incomplete fix for CVE-2015-0247.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQJ8BAEBCgBmBQJU8jHxXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ2MjAxRkJGRkRCQkRFMDc4MjJFQUJCOTY5
NkZDQUMwRDM4N0I1ODQ3AAoJEJb8rA04e1hH9i0P/A0fz3mGakSRR68qp6IAmepq
+p6xuoGC6GuFO3ZBjnyH+IudSoE5PDmDv4ZZkJ+w+wR4cembwcAmtU7Ec9tYf0E4
VMOdCVRErmqCL91zlDJtBMJ5q4y9oW2Xfby5EovR2nkDH2xoB6gxAbIUp1ENxOLL
iW7l8Cldj+PSl31T+9pt0fygZrPod3H9Hkuzl7trZP0yPBqrAsWsiRH3FNYcFXjf
AsS/n3kFgM1x9chnurYAqTDwEDHLx7E6DhKckmgNMtUtbMtIp+S8JnWAYycRJy6n
bbw+DF3OLOpX2NMkZLVHjyHtMJW8qWrH2Ly6FhlYYBwKxNqUu2Fg2WLAT0hJvYtL
gdETVFxrrsdtXpXfkHMeEwGdBBfMnMJw4v5OBAvTRETWKiJ/r0q3PAabMCpF9xfd
tnr59No5fg47DrBEA+Qq99dyPYrtcgRMQDH2oGQyW+l9u5rDw/8xf2y6fSkh9kY3
MMauMIyccgHx+UEZbLTDOvNUPOFVoTPWyBBWznUCzdKvknC+pSvVnKGtEqsUjSGU
HQGZeDGBMGJ994Hfo2G7bagNOWoMyhIHe4V5numJ5Mip5eWZZCrzzY+Mv5BH4zZ/
HIKFM/5N9KuGn3n1KJSPByELLUp+SaaNtkLToONqSUUIxgWBW7s+r4iAZI79Kpav
lGCIoCut4m9T5pl9rSIC
=QKtj
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 161-1] libgtk2-perl security update
Previous by thread: [SECURITY] [DLA 161-1] libgtk2-perl security update
Index(es):
- Date
- Thread