Advisories » MGASA-2015-0422

Updated exfat-utils package fixes security vulnerabilities

Publication date: 02 Nov 2015
Modification date: 02 Nov 2015
Type: security
Affected Mageia releases: 5

Description

Fix heap overflow and endless loop in exfatfsck

exfat-utils is a collection of tools to work with the exFAT filesystem.
Fuzzing exfatfsck with american fuzzy lop (AFL) led to the discovery of a
heap write overflow and an endless loop.

Especially at risk are systems that are configured to run filesystem
checks automatically on external devices like USB flash drives.

A malformed input can cause a write heap overflow in the function
verify_vbr_checksum. It might be possible to use this for code
execution.

Another malformed input can cause an endless loop, leading to a
possible denial of service.

References

SRPMS

5/core