Summary: | <sys-fs/e2fsprogs-1.46.6: code execution via specially crafted filesystem | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | John Helmert III <ajak> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | major | CC: | base-system |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://bugzilla.redhat.com/show_bug.cgi?id=2068113 | ||
Whiteboard: | A2 [glsa+] | ||
Package list: | Runtime testing required: | --- |
Description
John Helmert III
2022-04-15 00:32:50 UTC
Ts'o says he's applied this, but I don't see it in git yet: https://lore.kernel.org/linux-ext4/20220421173148.20193-1-lczerner@redhat.com/ Looks like there's a set of Ted patches for fuzzing issues: https://lore.kernel.org/all/20220607042444.1798015-6-tytso@mit.edu/T/ Czerner's patch ended up in git as ab51d587bb9b229b1fade1afd02e1574c1ba5c76 unreleased afaict (In reply to John Helmert III from comment #2) > Looks like there's a set of Ted patches for fuzzing issues: > > https://lore.kernel.org/all/20220607042444.1798015-6-tytso@mit.edu/T/ > > Czerner's patch ended up in git as ab51d587bb9b229b1fade1afd02e1574c1ba5c76 > unreleased afaict ~/git/e2fsprogs $ git tag --contains ab51d58 v1.46.6-rc1 Please clean up vulnerable version 1.46.5-r4. The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/data/glsa.git/commit/?id=2c1145bba802b0b17dfc629247db2a687bb29c6c commit 2c1145bba802b0b17dfc629247db2a687bb29c6c Author: GLSAMaker <glsamaker@gentoo.org> AuthorDate: 2024-02-18 07:59:58 +0000 Commit: Hans de Graaff <graaff@gentoo.org> CommitDate: 2024-02-18 08:02:38 +0000 [ GLSA 202402-15 ] e2fsprogs: Arbitrary Code Execution Bug: https://bugs.gentoo.org/838388 Signed-off-by: GLSAMaker <glsamaker@gentoo.org> Signed-off-by: Hans de Graaff <graaff@gentoo.org> glsa-202402-15.xml | 42 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 42 insertions(+) |