e2fsprogs: CVE-2007-5497 multiple integer overflows

Related Vulnerabilities: CVE-2007-5497  

Debian Bug report logs - #454760

Reported by: Nico Golde <nion@debian.org>

Date: Fri, 7 Dec 2007 16:48:02 UTC

Severity: grave

Tags: patch, security

Found in versions e2fsprogs/1.37-2sarge1, e2fsprogs/1.40.2-1

Fixed in versions 1.39+1.40-WIP-2006.11.14+dfsg-2etch4, e2fsprogs/1.40.2-1+lenny1, e2fsprogs/1.40.3-1

Done: Nico Golde <nion@debian.org>

Bug is archived. No further changes may be made.


Report forwarded to debian-bugs-dist@lists.debian.org, tytso@mit.edu (Theodore Y. Ts'o):
Bug#454760; Package e2fsprogs.


Acknowledgement sent to Nico Golde <nion@debian.org>:
New Bug report received and forwarded. Copy sent to tytso@mit.edu (Theodore Y. Ts'o).


Message #5 received at submit@bugs.debian.org:

From: Nico Golde <nion@debian.org>
To: submit@bugs.debian.org
Subject: e2fsprogs: CVE-2007-5497 multiple integer overflows
Date: Fri, 7 Dec 2007 17:45:33 +0100
Package: e2fsprogs
Version: 1.37-2sarge1
Severity: grave
Tags: security patch

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for e2fsprogs.

CVE-2007-5497[0]:
| Multiple integer overflows in libext2fs in e2fsprogs allow
| user-assisted remote attackers to execute arbitrary code via a crafted
| filesystem image.

If you fix this vulnerability please also include the CVE id
in your changelog entry.

From what I can see the attached patch fixes this issue. I 
extracted it from the SuSE update.

For further information:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5497

Kind regards
Nico

-- 
Nico Golde - http://www.ngolde.de - nion@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
[e2fsprogs-VUL0_integer_overflow.patch (text/x-diff, attachment)]

Bug marked as fixed in version 1.39+1.40-WIP-2006.11.14+dfsg-2etch4. Request was from Nico Golde <nion@debian.org> to control@bugs.debian.org. (Fri, 07 Dec 2007 17:12:04 GMT)


Bug marked as found in version 1.40.2-1. Request was from Nico Golde <nion@debian.org> to control@bugs.debian.org. (Fri, 07 Dec 2007 17:12:05 GMT)


Reply sent to Nico Golde <nion@debian.org>:
You have taken responsibility.


Notification sent to Nico Golde <nion@debian.org>:
Bug acknowledged by developer.


Message #14 received at 454760-close@bugs.debian.org:

From: Nico Golde <nion@debian.org>
To: 454760-close@bugs.debian.org
Subject: Bug#454760: fixed in e2fsprogs 1.40.2-1+lenny1
Date: Fri, 07 Dec 2007 19:47:03 +0000
Source: e2fsprogs
Source-Version: 1.40.2-1+lenny1

We believe that the bug you reported is fixed in the latest version of
e2fsprogs, which is due to be installed in the Debian FTP archive:

comerr-dev_2.1-1.40.2-1+lenny1_i386.deb
  to pool/main/e/e2fsprogs/comerr-dev_2.1-1.40.2-1+lenny1_i386.deb
e2fsck-static_1.40.2-1+lenny1_i386.deb
  to pool/main/e/e2fsprogs/e2fsck-static_1.40.2-1+lenny1_i386.deb
e2fslibs-dev_1.40.2-1+lenny1_i386.deb
  to pool/main/e/e2fsprogs/e2fslibs-dev_1.40.2-1+lenny1_i386.deb
e2fslibs_1.40.2-1+lenny1_i386.deb
  to pool/main/e/e2fsprogs/e2fslibs_1.40.2-1+lenny1_i386.deb
e2fsprogs-udeb_1.40.2-1+lenny1_i386.udeb
  to pool/main/e/e2fsprogs/e2fsprogs-udeb_1.40.2-1+lenny1_i386.udeb
e2fsprogs_1.40.2-1+lenny1.diff.gz
  to pool/main/e/e2fsprogs/e2fsprogs_1.40.2-1+lenny1.diff.gz
e2fsprogs_1.40.2-1+lenny1.dsc
  to pool/main/e/e2fsprogs/e2fsprogs_1.40.2-1+lenny1.dsc
e2fsprogs_1.40.2-1+lenny1_i386.deb
  to pool/main/e/e2fsprogs/e2fsprogs_1.40.2-1+lenny1_i386.deb
libblkid-dev_1.40.2-1+lenny1_i386.deb
  to pool/main/e/e2fsprogs/libblkid-dev_1.40.2-1+lenny1_i386.deb
libblkid1-udeb_1.40.2-1+lenny1_i386.udeb
  to pool/main/e/e2fsprogs/libblkid1-udeb_1.40.2-1+lenny1_i386.udeb
libblkid1_1.40.2-1+lenny1_i386.deb
  to pool/main/e/e2fsprogs/libblkid1_1.40.2-1+lenny1_i386.deb
libcomerr2_1.40.2-1+lenny1_i386.deb
  to pool/main/e/e2fsprogs/libcomerr2_1.40.2-1+lenny1_i386.deb
libss2_1.40.2-1+lenny1_i386.deb
  to pool/main/e/e2fsprogs/libss2_1.40.2-1+lenny1_i386.deb
libuuid1-udeb_1.40.2-1+lenny1_i386.udeb
  to pool/main/e/e2fsprogs/libuuid1-udeb_1.40.2-1+lenny1_i386.udeb
libuuid1_1.40.2-1+lenny1_i386.deb
  to pool/main/e/e2fsprogs/libuuid1_1.40.2-1+lenny1_i386.deb
ss-dev_2.0-1.40.2-1+lenny1_i386.deb
  to pool/main/e/e2fsprogs/ss-dev_2.0-1.40.2-1+lenny1_i386.deb
uuid-dev_1.2-1.40.2-1+lenny1_i386.deb
  to pool/main/e/e2fsprogs/uuid-dev_1.2-1.40.2-1+lenny1_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 454760@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Nico Golde <nion@debian.org> (supplier of updated e2fsprogs package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


Format: 1.7
Date: Fri, 07 Dec 2007 18:10:36 +0100
Source: e2fsprogs
Binary: e2fslibs-dev libblkid1-udeb libblkid1 comerr-dev libuuid1 ss-dev uuid-dev e2fslibs e2fsck-static e2fsprogs-udeb libuuid1-udeb e2fsprogs libblkid-dev libcomerr2 libss2
Architecture: source i386
Version: 1.40.2-1+lenny1
Distribution: testing-security
Urgency: high
Maintainer: Theodore Y. Ts'o <tytso@mit.edu>
Changed-By: Nico Golde <nion@debian.org>
Description: 
 comerr-dev - common error description library - headers and static libraries
 e2fsck-static - statically-linked version of the ext2 filesystem checker
 e2fslibs   - ext2 filesystem libraries
 e2fslibs-dev - ext2 filesystem libraries - headers and static libraries
 e2fsprogs  - ext2 file system utilities and libraries
 e2fsprogs-udeb - stripped-down versions of e2fsprogs, for debian-installer (udeb)
 libblkid-dev - block device id library - headers and static libraries
 libblkid1  - block device id library
 libblkid1-udeb - block device id library (udeb)
 libcomerr2 - common error description library
 libss2     - command-line interface parsing library
 libuuid1   - universally unique id library
 libuuid1-udeb - universally unique id library (udeb)
 ss-dev     - command-line interface parsing library - headers and static libra
 uuid-dev   - universally unique id library - headers and static libraries
Closes: 454760
Changes: 
 e2fsprogs (1.40.2-1+lenny1) testing-security; urgency=high
 .
   * Non-maintainer upload by testing-security team.
   * This update addresses multiple integer overflows in libext2fs
     which could lead to arbitrary code execution via crafted
     filesystem images (CVE-2007-5497; Closes: #454760).

Information forwarded to debian-bugs-dist@lists.debian.org, tytso@mit.edu (Theodore Y. Ts'o):
Bug#454760; Package e2fsprogs.


Acknowledgement sent to Nico Golde <nion@debian.org>:
Extra info received and forwarded to list. Copy sent to tytso@mit.edu (Theodore Y. Ts'o).


Message #19 received at 454760@bugs.debian.org:

From: Nico Golde <nion@debian.org>
To: 454760@bugs.debian.org
Subject: Re: e2fsprogs: CVE-2007-5497 multiple integer overflows
Date: Sat, 8 Dec 2007 13:58:30 +0100
Hi Theodore,
I fixed this issue in testing-security. The patch I attached 
first and the one used in the stable DSA is incomplete in my 
opinion. Attached is a complete fix for this used in the 
testing-security upload.

Kind regards
Nico

-- 
Nico Golde - http://www.ngolde.de - nion@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
[CVE-2007-5497.patch (text/x-diff, attachment)]

Bug marked as fixed in version 1.40.3-1. Request was from Nico Golde <nion@debian.org> to control@bugs.debian.org. (Fri, 14 Dec 2007 17:12:10 GMT)


Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Thu, 24 Jan 2008 07:33:49 GMT)



Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 15:53:42 2019; Machine Name: beach
