e2fsprogs -- security update

ID DSA-3166
Type debian
Reporter Debian
Modified 2015-02-22T00:00:00


Jose Duart of the Google Security Team discovered a buffer overflow in e2fsprogs, a set of utilities for the ext2, ext3, and ext4 file systems. This issue can possibly lead to arbitrary code execution if a malicious device is plugged in, the system is configured to automatically mount it, and the mounting process chooses to run fsck on the device's malicious filesystem.

Buffer overflow in the ext2/ext3/ext4 file system open/close routines.

Incomplete fix for CVE-2015-0247.

For the stable distribution (wheezy), these problems have been fixed in version 1.42.5-1.1+deb7u1.

For the upcoming stable (jessie) and unstable (sid) distributions, these problems will be fixed soon.

We recommend that you upgrade your e2fsprogs packages.