Rafal Wojtczuk of McAfee AVERT Research discovered that e2fsprogs, the ext2 file system utilities and libraries, contained multiple integer overflows in memory allocations, based on sizes taken directly from filesystem information. These could result in heap-based overflows potentially allowing the execution of arbitrary code. For the stable distribution (etch), this problem has been fixed in version 1.39+1.40-WIP-2006.11.14+dfsg-2etch1. For the unstable distribution (sid), this problem will be fixed shortly. We recommend that you upgrade your e2fsprogs package.
For the stable distribution (etch), this problem has been fixed in version 1.39+1.40-WIP-2006.11.14+dfsg-2etch4.
MD5 checksums of the listed files are available in the original advisory.
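The bug class described above (an allocation size computed from fields read out of a file system image), shown as an added illustration that is not e2fsprogs code and not part of the advisory. The structure `disk_hdr`, the function names, and the `max_bytes` cap are hypothetical, and the sample values are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Constructed stand-in for a header parsed from a file system image.
 * Hypothetical layout, not an e2fsprogs structure. */
struct disk_hdr {
    uint32_t entry_count;  /* untrusted: read from the image */
    uint32_t entry_size;   /* untrusted: read from the image */
};

/* Unchecked pattern: the 32-bit product wraps, so the allocation can be
 * far smaller than the entry_count entries later written into it. */
uint32_t unchecked_alloc_size(const struct disk_hdr *h)
{
    return h->entry_count * h->entry_size;
}

/* Checked pattern: reject zero fields and any product above max_bytes
 * (an assumed caller-chosen cap, e.g. the size of the image itself).
 * Dividing instead of multiplying keeps the check itself from wrapping. */
int checked_alloc_size(const struct disk_hdr *h, size_t max_bytes, size_t *out)
{
    if (h->entry_count == 0 || h->entry_size == 0)
        return -1;
    if (h->entry_count > max_bytes / h->entry_size)
        return -1;
    *out = (size_t)h->entry_count * h->entry_size;
    return 0;
}

/* Allocate only when the size check passes; NULL means "reject image". */
void *alloc_entries(const struct disk_hdr *h, size_t max_bytes)
{
    size_t n;
    return checked_alloc_size(h, max_bytes, &n) == 0 ? calloc(1, n) : NULL;
}

int main(void)
{
    struct disk_hdr bad = { 0x10000001u, 16u };  /* constructed sample */
    size_t n = 0;
    printf("unchecked size: %u bytes\n", (unsigned)unchecked_alloc_size(&bad));
    printf("checked result: %d\n", checked_alloc_size(&bad, 1u << 20, &n));
    return 0;
}
```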