Security update for e2fsprogs SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2018:2133-1 Final 1 1 2018-07-28T07:57:48Z current 2018-07-28T07:57:48Z 2018-07-28T07:57:48Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for e2fsprogs This update for e2fsprogs fixes the following issues: Security issues fixed: - CVE-2015-0247: Fixed couple of heap overflows in e2fsprogs (fsck, dumpe2fs, e2image...) (bsc#915402). - CVE-2015-1572: Fixed potential buffer overflow in closefs() (bsc#918346). Bug fixes: - bsc#1038194: generic/405 test fails with /dev/mapper/thin-vol is inconsistent on ext4 file system. - bsc#1009532: resize2fs hangs when trying to resize a large ext4 file system. - bsc#960273: xfsprogs does not call %{?regenerate_initrd_post}. This update was imported from the SUSE:SLE-15:Update update project. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) http://lists.opensuse.org/opensuse-security-announce/2018-07/msg00050.html E-Mail link for openSUSE-SU-2018:2133-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Leap 15.0 e2fsprogs-1.43.8-lp150.3.3.1 e2fsprogs-devel-1.43.8-lp150.3.3.1 libcom_err-devel-1.43.8-lp150.3.3.1 libcom_err-devel-32bit-1.43.8-lp150.3.3.1 libcom_err-devel-static-1.43.8-lp150.3.3.1 libcom_err2-1.43.8-lp150.3.3.1 libcom_err2-32bit-1.43.8-lp150.3.3.1 libext2fs-devel-1.43.8-lp150.3.3.1 libext2fs-devel-32bit-1.43.8-lp150.3.3.1 libext2fs-devel-static-1.43.8-lp150.3.3.1 libext2fs2-1.43.8-lp150.3.3.1 libext2fs2-32bit-1.43.8-lp150.3.3.1 e2fsprogs-1.43.8-lp150.3.3.1 as a component of openSUSE Leap 15.0 e2fsprogs-devel-1.43.8-lp150.3.3.1 as a component of openSUSE Leap 15.0 libcom_err-devel-1.43.8-lp150.3.3.1 as a component of openSUSE Leap 15.0 libcom_err-devel-32bit-1.43.8-lp150.3.3.1 as a component of openSUSE Leap 15.0 libcom_err-devel-static-1.43.8-lp150.3.3.1 as a component of openSUSE Leap 15.0 libcom_err2-1.43.8-lp150.3.3.1 as a component of openSUSE Leap 15.0 libcom_err2-32bit-1.43.8-lp150.3.3.1 as a component of openSUSE Leap 15.0 libext2fs-devel-1.43.8-lp150.3.3.1 as a component of openSUSE Leap 15.0 libext2fs-devel-32bit-1.43.8-lp150.3.3.1 as a component of openSUSE Leap 15.0 libext2fs-devel-static-1.43.8-lp150.3.3.1 as a component of openSUSE Leap 15.0 libext2fs2-1.43.8-lp150.3.3.1 as a component of openSUSE Leap 15.0 libext2fs2-32bit-1.43.8-lp150.3.3.1 as a component of openSUSE Leap 15.0 Heap-based buffer overflow in openfs.c in the libext2fs library in e2fsprogs before 1.42.12 allows local users to execute arbitrary code via crafted block group descriptor data in a filesystem image. CVE-2015-0247 openSUSE Leap 15.0:e2fsprogs-1.43.8-lp150.3.3.1 openSUSE Leap 15.0:e2fsprogs-devel-1.43.8-lp150.3.3.1 openSUSE Leap 15.0:libcom_err-devel-1.43.8-lp150.3.3.1 openSUSE Leap 15.0:libcom_err-devel-32bit-1.43.8-lp150.3.3.1 openSUSE Leap 15.0:libcom_err-devel-static-1.43.8-lp150.3.3.1 openSUSE Leap 15.0:libcom_err2-1.43.8-lp150.3.3.1 openSUSE Leap 15.0:libcom_err2-32bit-1.43.8-lp150.3.3.1 openSUSE Leap 15.0:libext2fs-devel-1.43.8-lp150.3.3.1 openSUSE Leap 15.0:libext2fs-devel-32bit-1.43.8-lp150.3.3.1 openSUSE Leap 15.0:libext2fs-devel-static-1.43.8-lp150.3.3.1 openSUSE Leap 15.0:libext2fs2-1.43.8-lp150.3.3.1 openSUSE Leap 15.0:libext2fs2-32bit-1.43.8-lp150.3.3.1 moderate Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2018-07/msg00050.html https://www.suse.com/security/cve/CVE-2015-0247.html CVE-2015-0247 https://bugzilla.suse.com/1123790 SUSE Bug 1123790 https://bugzilla.suse.com/915402 SUSE Bug 915402 https://bugzilla.suse.com/918346 SUSE Bug 918346 Heap-based buffer overflow in closefs.c in the libext2fs library in e2fsprogs before 1.42.12 allows local users to execute arbitrary code by causing a crafted block group descriptor to be marked as dirty. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-0247. CVE-2015-1572 openSUSE Leap 15.0:e2fsprogs-1.43.8-lp150.3.3.1 openSUSE Leap 15.0:e2fsprogs-devel-1.43.8-lp150.3.3.1 openSUSE Leap 15.0:libcom_err-devel-1.43.8-lp150.3.3.1 openSUSE Leap 15.0:libcom_err-devel-32bit-1.43.8-lp150.3.3.1 openSUSE Leap 15.0:libcom_err-devel-static-1.43.8-lp150.3.3.1 openSUSE Leap 15.0:libcom_err2-1.43.8-lp150.3.3.1 openSUSE Leap 15.0:libcom_err2-32bit-1.43.8-lp150.3.3.1 openSUSE Leap 15.0:libext2fs-devel-1.43.8-lp150.3.3.1 openSUSE Leap 15.0:libext2fs-devel-32bit-1.43.8-lp150.3.3.1 openSUSE Leap 15.0:libext2fs-devel-static-1.43.8-lp150.3.3.1 openSUSE Leap 15.0:libext2fs2-1.43.8-lp150.3.3.1 openSUSE Leap 15.0:libext2fs2-32bit-1.43.8-lp150.3.3.1 low Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2018-07/msg00050.html https://www.suse.com/security/cve/CVE-2015-1572.html CVE-2015-1572 https://bugzilla.suse.com/1123790 SUSE Bug 1123790 https://bugzilla.suse.com/915402 SUSE Bug 915402 https://bugzilla.suse.com/918346 SUSE Bug 918346