Advisories » MGASA-2015-0061

Updated e2fsprogs packages fix CVE-2015-0247

Publication date: 11 Feb 2015
Modification date: 11 Feb 2015
Type: security
Affected Mageia releases : 4
CVE: CVE-2015-0247

Description

Updated e2fsprogs packages fix security vulnerability:

The libext2fs library, part of e2fsprogs and utilized by its utilities, is
affected by a boundary check error on block group descriptor information,
leading to a heap based buffer overflow. A specially crafted filesystem image
can be used to trigger the vulnerability (CVE-2015-0247).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=15208
• http://www.ocert.org/advisories/ocert-2015-002.html
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0247

SRPMS

4/core

• e2fsprogs-1.42.9-2.1.mga4