Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 563936 (CVE-2015-8026) - <sys-fs/exfat-utils-1.2.1: Heap overflow and endless loop (CVE-2015-8026)
Summary: <sys-fs/exfat-utils-1.2.1: Heap overflow and endless loop (CVE-2015-8026)
Status: RESOLVED FIXED
Alias: CVE-2015-8026
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
URL: https://blog.fuzzing-project.org/25-H...
Whiteboard: B2 [glsa cve]
Keywords:
Depends on:
Blocks:
 
Reported: 2015-10-24 08:28 UTC by Hanno Böck
Modified: 2016-12-12 00:18 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Hanno Böck gentoo-dev 2015-10-24 08:28:19 UTC
The release of exfat-utils 1.2.1 fixes two potential security bugs I discovered. One of them is a bit more severe (a write heap overflow), therefore I think this deserves security handling.
https://blog.fuzzing-project.org/25-Heap-overflow-and-endless-loop-in-exfatfsck-exfat-utils.html

The update is already in the tree, so stabilization would be next.
Comment 1 Agostino Sarubbo gentoo-dev 2015-10-27 16:17:30 UTC
amd64 stable
Comment 2 Agostino Sarubbo gentoo-dev 2015-10-27 16:17:53 UTC
x86 stable
Comment 3 Agostino Sarubbo gentoo-dev 2015-10-28 08:11:28 UTC
Maintainer(s), please cleanup.
Security, please add it to the existing request, or file a new one.
Comment 4 Yury German Gentoo Infrastructure gentoo-dev 2015-12-31 02:23:29 UTC
Arches, Thank you for your work.
New GLSA Request filed.

Maintainer(s), please drop the vulnerable version(s).
Comment 5 Mike Gilbert gentoo-dev 2016-09-21 01:59:00 UTC
Cleanup done.
Comment 6 GLSAMaker/CVETool Bot gentoo-dev 2016-12-12 00:18:10 UTC
This issue was resolved and addressed in
 GLSA 201612-31 at https://security.gentoo.org/glsa/201612-31
by GLSA coordinator Kristian Fiskerstrand (K_F).