Bug 15208

Summary: e2fsprogs new security issue CVE-2015-0247
Product: Mageia Reporter: David Walser <luigiwalser>
Component: SecurityAssignee: QA Team <qa-bugs>
Status: RESOLVED FIXED QA Contact: Sec team <security>
Severity: normal    
Priority: Normal CC: sysadmin-bugs
Version: 4Keywords: validated_update
Target Milestone: ---   
Hardware: i586   
OS: Linux   
URL: http://lwn.net/Vulnerabilities/632571/
Whiteboard: has_procedure advisory MGA4-32-OK mga4-64-ok
Source RPM: e2fsprogs-1.42.9-2.mga4.src.rpm CVE:
Status comment:

Description David Walser 2015-02-05 18:44:39 CET 
An advisory has been issued today (February 5):
http://www.ocert.org/advisories/ocert-2015-002.html

The issue was fixed in 1.42.12, which is already in Cauldron.

Patched package uploaded for Mageia 4.

Advisory:
========================

Updated e2fsprogs packages fix security vulnerability:

The libext2fs library, part of e2fsprogs and utilized by its utilities, is
affected by a boundary check error on block group descriptor information,
leading to a heap based buffer overflow. A specially crafted filesystem image
can be used to trigger the vulnerability (CVE-2015-0247).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0247
http://www.ocert.org/advisories/ocert-2015-002.html
========================

Updated packages in core/updates_testing:
========================
e2fsprogs-1.42.9-2.1.mga4
libext2fs2-1.42.9-2.1.mga4
libext2fs-devel-1.42.9-2.1.mga4

from e2fsprogs-1.42.9-2.1.mga4.src.rpm

Reproducible: 

Steps to Reproduce:
Comment 1 David Walser 2015-02-09 20:54:13 CET 
Fedora has issued an advisory for this on February 7:
https://lists.fedoraproject.org/pipermail/package-announce/2015-February/149434.html

URL: (none) => http://lwn.net/Vulnerabilities/632571/

Comment 2 David Walser 2015-02-10 14:33:53 CET 
Tested by creating a loopback filesystem image and playing with it a bit.

$ dd if=/dev/zero of=foo.img bs=1M count=8
$ /sbin/mkfs.ext3 foo.img
$ mkdir foofs
# mount -t ext3 foo.img foofs
# cp foo.tar.xz foofs/  # some file less than 8MB
# umount foofs
$ /sbin/dumpe2fs foo.img
$ /sbin/fsck.ext3 foo.img
$ /usr/sbin/e2freefrag /tmp/foo.img


Testing complete Mageia 4 i586.

Whiteboard: (none) => has_procedure MGA4-32-OK

Comment 3 claire robinson 2015-02-11 16:14:29 CET 
Testing complete mga4 64 using same tests as David.

Validating. Advisory uploaded.

Please push to 4 updates

Thanks

Keywords: (none) => validated_update
Whiteboard: has_procedure MGA4-32-OK => has_procedure advisory MGA4-32-OK mga4-64-ok
CC: (none) => sysadmin-bugs

Comment 4 Mageia Robot 2015-02-11 21:48:44 CET 
An update for this issue has been pushed to Mageia Updates repository.

http://advisories.mageia.org/MGASA-2015-0061.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED