(RHSA-2008:0003) Moderate: e2fsprogs security update

2008-01-0700:00:00

access.redhat.com

5.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

0.031 Low

EPSS

Percentile

90.0%

JSON

The e2fsprogs packages contain a number of utilities for creating,
checking, modifying, and correcting any inconsistencies in second and third
extended (ext2/ext3) file systems.

Multiple integer overflow flaws were found in the way e2fsprogs processes
file system content. If a victim opens a carefully crafted file system with
a program using e2fsprogs, it may be possible to execute arbitrary code
with the permissions of the victim. It may be possible to leverage this
flaw in a virtualized environment to gain access to other virtualized
hosts. (CVE-2007-5497)

Red Hat would like to thank Rafal Wojtczuk of McAfee Avert Research for
responsibly disclosing these issues.

Users of e2fsprogs are advised to upgrade to these updated packages, which
contain a backported patch to resolve these issues.

OSVersionArchitecturePackageVersionFilename
RedHat5ppc64e2fsprogs-devel< 1.39-10.el5_1.1e2fsprogs-devel-1.39-10.el5_1.1.ppc64.rpm
RedHat5x86_64e2fsprogs-devel< 1.39-10.el5_1.1e2fsprogs-devel-1.39-10.el5_1.1.x86_64.rpm
RedHat4s390e2fsprogs< 1.35-12.11.el4_6.1e2fsprogs-1.35-12.11.el4_6.1.s390.rpm
RedHat5i386e2fsprogs-libs< 1.39-10.el5_1.1e2fsprogs-libs-1.39-10.el5_1.1.i386.rpm
RedHatanyppce2fsprogs-devel< 1.32-15.4e2fsprogs-devel-1.32-15.4.ppc.rpm
RedHatanyia64e2fsprogs< 1.26-1.73e2fsprogs-1.26-1.73.ia64.rpm
RedHatanyi386e2fsprogs< 1.26-1.73e2fsprogs-1.26-1.73.i386.rpm
RedHat4x86_64e2fsprogs< 1.35-12.11.el4_6.1e2fsprogs-1.35-12.11.el4_6.1.x86_64.rpm
RedHat5ppce2fsprogs-libs< 1.39-10.el5_1.1e2fsprogs-libs-1.39-10.el5_1.1.ppc.rpm
RedHat4x86_64e2fsprogs-devel< 1.35-12.11.el4_6.1e2fsprogs-devel-1.35-12.11.el4_6.1.x86_64.rpm

OS	Version	Architecture	Package	Version	Filename
RedHat	5	ppc64	e2fsprogs-devel	< 1.39-10.el5_1.1	e2fsprogs-devel-1.39-10.el5_1.1.ppc64.rpm
RedHat	5	x86_64	e2fsprogs-devel	< 1.39-10.el5_1.1	e2fsprogs-devel-1.39-10.el5_1.1.x86_64.rpm
RedHat	4	s390	e2fsprogs	< 1.35-12.11.el4_6.1	e2fsprogs-1.35-12.11.el4_6.1.s390.rpm
RedHat	5	i386	e2fsprogs-libs	< 1.39-10.el5_1.1	e2fsprogs-libs-1.39-10.el5_1.1.i386.rpm
RedHat	any	ppc	e2fsprogs-devel	< 1.32-15.4	e2fsprogs-devel-1.32-15.4.ppc.rpm
RedHat	any	ia64	e2fsprogs	< 1.26-1.73	e2fsprogs-1.26-1.73.ia64.rpm
RedHat	any	i386	e2fsprogs	< 1.26-1.73	e2fsprogs-1.26-1.73.i386.rpm
RedHat	4	x86_64	e2fsprogs	< 1.35-12.11.el4_6.1	e2fsprogs-1.35-12.11.el4_6.1.x86_64.rpm
RedHat	5	ppc	e2fsprogs-libs	< 1.39-10.el5_1.1	e2fsprogs-libs-1.39-10.el5_1.1.ppc.rpm
RedHat	4	x86_64	e2fsprogs-devel	< 1.35-12.11.el4_6.1	e2fsprogs-devel-1.35-12.11.el4_6.1.x86_64.rpm