Bug 563936 (CVE-2015-8026)

Summary:	<sys-fs/exfat-utils-1.2.1: Heap overflow and endless loop (CVE-2015-8026)
Product:	Gentoo Security	Reporter:	Hanno Böck <hanno>
Component:	Vulnerabilities	Assignee:	Gentoo Security <security>
Status:	RESOLVED FIXED
Severity:	normal	CC:	base-system, ssuominen
Priority:	Normal
Version:	unspecified
Hardware:	All
OS:	Linux
URL:	https://blog.fuzzing-project.org/25-Heap-overflow-and-endless-loop-in-exfatfsck-exfat-utils.html
Whiteboard:	B2 [glsa cve]
Package list:		Runtime testing required:	---

Description Hanno Böck gentoo-dev

2015-10-24 08:28:19 UTC

The release of exfat-utils 1.2.1 fixes two potential security bugs I discovered. One of them is a bit more severe (a write heap overflow), therefore I think this deserves security handling.
https://blog.fuzzing-project.org/25-Heap-overflow-and-endless-loop-in-exfatfsck-exfat-utils.html

The update is already in the tree, so stabilization would be next.

Comment 1 Agostino Sarubbo gentoo-dev

2015-10-27 16:17:30 UTC

amd64 stable

Comment 2 Agostino Sarubbo gentoo-dev

2015-10-27 16:17:53 UTC

x86 stable

Comment 3 Agostino Sarubbo gentoo-dev

2015-10-28 08:11:28 UTC

Maintainer(s), please cleanup.
Security, please add it to the existing request, or file a new one.

Comment 4 Yury German Gentoo Infrastructure

2015-12-31 02:23:29 UTC

Arches, Thank you for your work.
New GLSA Request filed.

Maintainer(s), please drop the vulnerable version(s).

Comment 5 Mike Gilbert gentoo-dev

2016-09-21 01:59:00 UTC

Cleanup done.

Comment 6 GLSAMaker/CVETool Bot gentoo-dev

2016-12-12 00:18:10 UTC

This issue was resolved and addressed in
 GLSA 201612-31 at https://security.gentoo.org/glsa/201612-31
by GLSA coordinator Kristian Fiskerstrand (K_F).