Bug 15352

Summary: e2fsprogs new security issue CVE-2015-1572
Product: Mageia Reporter: David Walser <luigiwalser>
Component: SecurityAssignee: QA Team <qa-bugs>
Status: RESOLVED FIXED QA Contact: Sec team <security>
Severity: major    
Priority: Normal CC: olchal, sysadmin-bugs
Version: 4Keywords: validated_update
Target Milestone: ---   
Hardware: i586   
OS: Linux   
URL: http://lwn.net/Vulnerabilities/634436/
Whiteboard: has_procedure advisory MGA4-32-OK MGA4-64-OK
Source RPM: e2fsprogs-1.42.9-2.1.mga4.src.rpm CVE:
Status comment:

Description David Walser 2015-02-24 18:57:35 CET 
Debian has issued an advisory on February 22:
https://www.debian.org/security/2015/dsa-3166

Upstream patch checked into Mageia 4 and Cauldron SVN.

Freeze push requested for Cauldron.

Reproducible: 

Steps to Reproduce:
Comment 1 David Walser 2015-02-24 21:52:53 CET 
Note that this issue is due to an incomplete fix for CVE-2015-0247, which we fixed in Bug 15208.

Testing procedure:
https://bugs.mageia.org/show_bug.cgi?id=15208#c2
Comment 2 David Walser 2015-02-25 02:26:59 CET 
Patched package uploaded for Mageia 4.

See the test procedure linked from Comment 1.

Advisory:
========================

Updated e2fsprogs packages fix security vulnerability:

The libext2fs library, part of e2fsprogs and utilized by its utilities, is
affected by a boundary check error on block group descriptor information,
leading to a heap based buffer overflow. A specially crafted filesystem image
can be used to trigger the vulnerability. This is due to an incomplete fix
for CVE-2015-0247 (CVE-2015-1572).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1572
http://advisories.mageia.org/MGASA-2015-0061.html
https://www.debian.org/security/2015/dsa-3166
========================

Updated packages in core/updates_testing:
========================
e2fsprogs-1.42.9-2.2.mga4
libext2fs2-1.42.9-2.2.mga4
libext2fs-devel-1.42.9-2.2.mga4

from e2fsprogs-1.42.9-2.2.mga4.src.rpm

Assignee: bugsquad => qa-bugs
Whiteboard: (none) => has_procedure

Comment 3 David Walser 2015-02-25 03:37:00 CET 
Testing complete Mageia 4 i586 using the previous procedure.

Whiteboard: has_procedure => has_procedure MGA4-32-OK

Comment 4 olivier charles 2015-02-25 07:17:30 CET 
Testing on Mageia4x64 real hardware using procedure mentioned in comment 1

with updated testing packages :
-----------------------------
e2fsprogs-1.42.9-2.2.mga4.x86_64
lib64ext2fs-devel-1.42.9-2.2.mga4.x86_64  
lib64ext2fs2-1.42.9-2.2.mga4.x86_64

OK on Mageia 4x64

(just had to replace last line of procedure :
$ /usr/sbin/e2freefrag /tmp/foo.img
by 
$ /usr/sbin/e2freefrag foo.img)

CC: (none) => olchal
Whiteboard: has_procedure MGA4-32-OK => has_procedure MGA4-32-OK MGA4-64-OK

Comment 5 claire robinson 2015-02-25 21:50:04 CET 
Validating. Advisory uploaded.

Please push to 4 updates

Thanks

Keywords: (none) => validated_update
Whiteboard: has_procedure MGA4-32-OK MGA4-64-OK => has_procedure advisory MGA4-32-OK MGA4-64-OK
CC: (none) => sysadmin-bugs

Comment 6 Mageia Robot 2015-02-26 09:27:35 CET 
An update for this issue has been pushed to Mageia Updates repository.

http://advisories.mageia.org/MGASA-2015-0088.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED