Debian Security Advisory
DLA-162-1 e2fsprogs -- LTS security update
- Date Reported: 28 Feb 2015
- Affected Packages: e2fsprogs
- Vulnerable: Yes
- Security database references: In the Debian bugtracking system: Bug 778948. In Mitre's CVE dictionary: CVE-2015-1572.
- More information:
Jose Duart of the Google Security Team discovered a buffer overflow in e2fsprogs, a set of utilities for the ext2, ext3, and ext4 file systems. This issue can possibly lead to arbitrary code execution if a malicious device is plugged in, the system is configured to automatically mount it, and the mounting process chooses to run fsck on the device's malicious filesystem.
- CVE-2015-1572: Incomplete fix for CVE-2015-0247.
For Debian 6 Squeeze, these issues have been fixed in e2fsprogs version 1.41.12-4+deb6u2.