Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 540536 (CVE-2015-1572) - <sys-fs/e2fsprogs-1.42.13: potential buffer overflow in closefs() (CVE-2015-1572)
Summary: <sys-fs/e2fsprogs-1.42.13: potential buffer overflow in closefs() (CVE-2015-1...
Status: RESOLVED FIXED
Alias: CVE-2015-1572
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal major (vote)
Assignee: Gentoo Security
URL: https://bugzilla.redhat.com/show_bug....
Whiteboard: A2 [glsa cve]
Keywords:
Depends on:
Blocks:
 
Reported: 2015-02-18 15:40 UTC by Agostino Sarubbo
Modified: 2016-07-02 03:20 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Agostino Sarubbo gentoo-dev 2015-02-18 15:40:15 UTC
From ${URL} :

From the upstream commit [1]:
"""
The bug fix in f66e6ce4446: "libext2fs: avoid buffer overflow if s_first_meta_bg is too big" had a typo in the fix for ext2fs_closefs(). In practice most of the security exposure was from the openfs path, since this meant if there was a carefully crafted file 
system, buffer overrun would be triggered when the file system was opened. However, if corrupted file system didn't trip over some corruption check, and then the file system was modified via tune2fs or debugfs, such that the superblock was marked dirty and then 
written out via the closefs() path, it's possible that the buffer overrun could be triggered when the file system is closed. 
"""

[1]: https://git.kernel.org/cgit/fs/ext2/e2fsprogs.git/commit/?id=49d0fe2a14f2a23da2fe299643379b8c1d37df73


@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
Comment 1 Anthony Basile gentoo-dev 2015-02-18 21:20:29 UTC
(In reply to Agostino Sarubbo from comment #0)
> From ${URL} :
> s_first_meta_bg is too big" had a typo in the fix for ext2fs_closefs(). In

Well that sucks.  We should just backport that patch.
Comment 2 GLSAMaker/CVETool Bot gentoo-dev 2015-06-15 00:15:42 UTC
CVE-2015-1572 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1572):
  Heap-based buffer overflow in closefs.c in the libext2fs library in
  e2fsprogs before 1.42.12 allows local users to execute arbitrary code by
  causing a crafted block group descriptor to be marked as dirty. NOTE: this
  vulnerability exists because of an incomplete fix for CVE-2015-0247.
Comment 3 SpanKY gentoo-dev 2015-07-06 08:08:29 UTC
the CVE seems to be wrong as the fix is in 1.42.13, not 1.42.12

at any rate, 1.42.13 is in the tree now and can be stabilized
Comment 4 Yury German Gentoo Infrastructure gentoo-dev Security 2015-07-16 11:39:27 UTC
Arches, please test and mark stable:

=sys-fs/e2fsprogs-1.42.13

Target Keywords : "alpha amd64 arm hppa ia64 ppc ppc64 sparc x86"

Thank you!
Comment 5 Jeroen Roovers gentoo-dev 2015-07-16 17:23:52 UTC
(In reply to Yury German from comment #4)
> Arches, please test and mark stable:
> 
> =sys-fs/e2fsprogs-1.42.13

And =sys-libs/e2fsprogs-libs-1.42.13 I presume.
Comment 6 Tobias Klausmann gentoo-dev 2015-07-16 18:30:36 UTC
Both stable on alpha.
Comment 7 Mikle Kolyada archtester Gentoo Infrastructure gentoo-dev Security 2015-07-16 19:30:48 UTC
amd64 stable
Comment 8 Jeroen Roovers gentoo-dev 2015-07-17 04:42:34 UTC
Stable for HPPA PPC64.
Comment 9 Mikle Kolyada archtester Gentoo Infrastructure gentoo-dev Security 2015-07-17 11:01:22 UTC
x86 stable
Comment 10 Mikle Kolyada archtester Gentoo Infrastructure gentoo-dev Security 2015-07-17 11:07:57 UTC
I am drafting this now
Comment 11 Markus Meier gentoo-dev 2015-07-18 00:14:34 UTC
arm stable
Comment 12 Mikle Kolyada archtester Gentoo Infrastructure gentoo-dev Security 2015-07-22 15:08:49 UTC
ia64 stable
Comment 13 Agostino Sarubbo gentoo-dev 2015-07-23 09:02:18 UTC
ppc stable
Comment 14 Agostino Sarubbo gentoo-dev 2015-07-23 09:36:43 UTC
sparc stable.

Maintainer(s), please cleanup.
Security, please add it to the existing request, or file a new one.
Comment 15 GLSAMaker/CVETool Bot gentoo-dev 2015-07-23 15:40:04 UTC
This issue was resolved and addressed in
 GLSA 201507-22 at https://security.gentoo.org/glsa/201507-22
by GLSA coordinator Mikle Kolyada (Zlogene).
Comment 16 Mikle Kolyada archtester Gentoo Infrastructure gentoo-dev Security 2015-07-23 15:40:55 UTC
Reopen for cleanup
Comment 17 Yury German Gentoo Infrastructure gentoo-dev Security 2015-08-10 13:31:00 UTC
Maintainer(s), please drop the vulnerable version(s).
Comment 18 Yury German Gentoo Infrastructure gentoo-dev Security 2015-10-10 02:39:51 UTC
It has been 30 days+ since cleanup requested.
Maintainer(s), please drop the vulnerable version(s). If not cleaned up then it will be removed from tree by security.
Comment 19 Yury German Gentoo Infrastructure gentoo-dev Security 2016-04-26 07:28:58 UTC
Maintainer(s), Thank you for your work.
Comment 20 Aaron Bauman Gentoo Infrastructure gentoo-dev Security 2016-07-02 03:20:12 UTC
cleanup completed... addressed in GLSA already.