OSV:DSA-1422-1
Dec 07, 2007 - 12:00 a.m.

e2fsprogs - arbitrary code execution

Source: Google (osv.dev)

Rafal Wojtczuk of McAfee AVERT Research discovered that e2fsprogs, the
ext2 file system utilities and libraries, contained multiple
integer overflows in memory allocations, based on sizes taken directly
from filesystem information. These could result in heap-based
overflows potentially allowing the execution of arbitrary code.

For the stable distribution (etch), this problem has been fixed in version
1.39+1.40-WIP-2006.11.14+dfsg-2etch1.

For the unstable distribution (sid), this problem will be fixed shortly.

We recommend that you upgrade your e2fsprogs package.
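
The bug class described above (an allocation size computed from counts read directly out of filesystem metadata) is shown here as an added example; it is not e2fsprogs code and not part of the original advisory. The `disk_hdr` structure, its field names, the function names and the sample values are hypothetical and constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical on-disk header (constructed; not a real ext2 structure).
 * Both fields come straight from the image and are untrusted. */
struct disk_hdr {
    uint32_t entry_count;
    uint32_t entry_size;
};

/* Unchecked pattern: the product is computed in 32 bits and wraps modulo
 * 2^32, so the size handed to malloc() can be far smaller than the table
 * the rest of the code believes it allocated. Returns that wrapped size. */
uint32_t unchecked_alloc_size(const struct disk_hdr *h)
{
    return h->entry_count * h->entry_size;
}

/* Checked pattern: widen before multiplying, then bound the result by a
 * caller-supplied sanity limit before allocating. Returns NULL and leaves
 * *out_len untouched when the header is implausible. */
void *checked_table_alloc(const struct disk_hdr *h, size_t max_bytes,
                          size_t *out_len)
{
    if (h->entry_count == 0 || h->entry_size == 0)
        return NULL;
    /* Two 32-bit values cannot overflow a 64-bit product. */
    uint64_t total = (uint64_t)h->entry_count * h->entry_size;
    if (total > max_bytes)
        return NULL;
    void *p = calloc(1, (size_t)total);
    if (p != NULL)
        *out_len = (size_t)total;
    return p;
}

int main(void)
{
    /* Constructed header: 0x10000001 entries of 16 bytes each. */
    struct disk_hdr bad = { 0x10000001u, 16u };
    size_t len = 0;
    printf("unchecked size: %u bytes\n", (unsigned)unchecked_alloc_size(&bad));
    printf("checked alloc:  %s\n",
           checked_table_alloc(&bad, 1u << 20, &len) ? "accepted" : "rejected");
    return 0;
}
```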