Medium: e2fsprogs

2015-02-1119:36:00

alas.aws.amazon.com

4.6 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

0.001 Low

EPSS

Percentile

19.2%

JSON

Issue Overview:

A heap-based buffer overflow flaw was found in e2fsprogs. A specially crafted Ext2/3/4 file system could cause an application using the ext2fs library (for example, fsck) to crash or, possibly, execute arbitrary code.

Affected Packages:

e2fsprogs

Issue Correction:
Run yum update e2fsprogs to update your system.

New Packages:

i686:  
    libss-1.42.12-1.34.amzn1.i686  
    e2fsprogs-libs-1.42.12-1.34.amzn1.i686  
    e2fsprogs-static-1.42.12-1.34.amzn1.i686  
    e2fsprogs-devel-1.42.12-1.34.amzn1.i686  
    e2fsprogs-1.42.12-1.34.amzn1.i686  
    e2fsprogs-debuginfo-1.42.12-1.34.amzn1.i686  
    libcom_err-devel-1.42.12-1.34.amzn1.i686  
    libcom_err-1.42.12-1.34.amzn1.i686  
    libss-devel-1.42.12-1.34.amzn1.i686  
  
src:  
    e2fsprogs-1.42.12-1.34.amzn1.src  
  
x86_64:  
    e2fsprogs-libs-1.42.12-1.34.amzn1.x86_64  
    libcom_err-1.42.12-1.34.amzn1.x86_64  
    e2fsprogs-static-1.42.12-1.34.amzn1.x86_64  
    libss-devel-1.42.12-1.34.amzn1.x86_64  
    libss-1.42.12-1.34.amzn1.x86_64  
    e2fsprogs-1.42.12-1.34.amzn1.x86_64  
    e2fsprogs-debuginfo-1.42.12-1.34.amzn1.x86_64  
    e2fsprogs-devel-1.42.12-1.34.amzn1.x86_64  
    libcom_err-devel-1.42.12-1.34.amzn1.x86_64

Additional References

Red Hat: CVE-2015-0247

Mitre: CVE-2015-0247

OSVersionArchitecturePackageVersionFilename
Amazon Linux1i686libss< 1.42.12-1.34.amzn1libss-1.42.12-1.34.amzn1.i686.rpm
Amazon Linux1i686e2fsprogs-libs< 1.42.12-1.34.amzn1e2fsprogs-libs-1.42.12-1.34.amzn1.i686.rpm
Amazon Linux1i686e2fsprogs-static< 1.42.12-1.34.amzn1e2fsprogs-static-1.42.12-1.34.amzn1.i686.rpm
Amazon Linux1i686e2fsprogs-devel< 1.42.12-1.34.amzn1e2fsprogs-devel-1.42.12-1.34.amzn1.i686.rpm
Amazon Linux1i686e2fsprogs< 1.42.12-1.34.amzn1e2fsprogs-1.42.12-1.34.amzn1.i686.rpm
Amazon Linux1i686e2fsprogs-debuginfo< 1.42.12-1.34.amzn1e2fsprogs-debuginfo-1.42.12-1.34.amzn1.i686.rpm
Amazon Linux1i686libcom_err-devel< 1.42.12-1.34.amzn1libcom_err-devel-1.42.12-1.34.amzn1.i686.rpm
Amazon Linux1i686libcom_err< 1.42.12-1.34.amzn1libcom_err-1.42.12-1.34.amzn1.i686.rpm
Amazon Linux1i686libss-devel< 1.42.12-1.34.amzn1libss-devel-1.42.12-1.34.amzn1.i686.rpm
Amazon Linux1x86_64e2fsprogs-libs< 1.42.12-1.34.amzn1e2fsprogs-libs-1.42.12-1.34.amzn1.x86_64.rpm

OS	Version	Architecture	Package	Version	Filename
Amazon Linux	1	i686	libss	< 1.42.12-1.34.amzn1	libss-1.42.12-1.34.amzn1.i686.rpm
Amazon Linux	1	i686	e2fsprogs-libs	< 1.42.12-1.34.amzn1	e2fsprogs-libs-1.42.12-1.34.amzn1.i686.rpm
Amazon Linux	1	i686	e2fsprogs-static	< 1.42.12-1.34.amzn1	e2fsprogs-static-1.42.12-1.34.amzn1.i686.rpm
Amazon Linux	1	i686	e2fsprogs-devel	< 1.42.12-1.34.amzn1	e2fsprogs-devel-1.42.12-1.34.amzn1.i686.rpm
Amazon Linux	1	i686	e2fsprogs	< 1.42.12-1.34.amzn1	e2fsprogs-1.42.12-1.34.amzn1.i686.rpm
Amazon Linux	1	i686	e2fsprogs-debuginfo	< 1.42.12-1.34.amzn1	e2fsprogs-debuginfo-1.42.12-1.34.amzn1.i686.rpm
Amazon Linux	1	i686	libcom_err-devel	< 1.42.12-1.34.amzn1	libcom_err-devel-1.42.12-1.34.amzn1.i686.rpm
Amazon Linux	1	i686	libcom_err	< 1.42.12-1.34.amzn1	libcom_err-1.42.12-1.34.amzn1.i686.rpm
Amazon Linux	1	i686	libss-devel	< 1.42.12-1.34.amzn1	libss-devel-1.42.12-1.34.amzn1.i686.rpm
Amazon Linux	1	x86_64	e2fsprogs-libs	< 1.42.12-1.34.amzn1	e2fsprogs-libs-1.42.12-1.34.amzn1.x86_64.rpm