e2fsprogs: Arbitrary code execution — GLSA 201507-22

A heap-based buffer overflow in e2fsprogs could result in execution of arbitrary code.

Affected Packages

sys-fs/e2fsprogs on all architectures
Affected versions < 1.42.13
Unaffected versions >= 1.42.13

Background

e2fsprogs is a set of utilities for maintaining the ext2, ext3 and ext4 file systems.

Description

e2fsprogs has a heap-based buffer overflow in closefs.c in the libext2fs library.

Impact

A local attacker could execute arbitrary code via a specially crafted block group descriptor.

Workaround

There is no known workaround at this time.

Resolution

All e2fsprogs users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=sys-fs/e2fsprogs-1.42.13"
 

References

Release Date
July 23, 2015

Latest Revision
July 23, 2015: 1

Severity
normal

Exploitable
local

Bugzilla entries