Debian Security Advisory

DLA-162-1 e2fsprogs -- LTS security update

Date Reported:
28 Feb 2015
Affected Packages:
Security database references:
In the Debian bugtracking system: Bug 778948.
In Mitre's CVE dictionary: CVE-2015-1572.
More information:

Jose Duart of the Google Security Team discovered a buffer overflow in e2fsprogs, a set of utilities for the ext2, ext3, and ext4 file systems. This issue can possibly lead to arbitrary code execution if a malicious device is plugged in, the system is configured to automatically mount it, and the mounting process chooses to run fsck on the device's malicious filesystem.

For Debian 6 Squeeze, these issues have been fixed in e2fsprogs version 1.41.12-4+deb6u2