Hi Steve,

* Steve Kemp <skx@debian.org> [2007-12-07 14:32]:
> ------------------------------------------------------------------------
> Debian Security Advisory DSA-1422                    security@debian.org
> http://www.debian.org/security/                               Steve Kemp
> December 07, 2007                     http://www.debian.org/security/faq
> ------------------------------------------------------------------------
>
> Package        : e2fsprogs
> Vulnerability  : integer overflows
> Problem type   : local
> Debian-specific: no
> CVE Id(s)      : CVE-2007-5497
>
> Rafal Wojtczuk of McAfee AVERT Research discovered that e2fsprogs,
> ext2 file system utilities and libraries, contained multiple
> integer overflows in memory allocations, based on sizes taken directly
> from filesystem information.  These could result in heap-based
> overflows potentially allowing the execution of arbitrary code.
>
> For the stable distribution (etch), this problem has been fixed in version
> 1.39+1.40-WIP-2006.11.14+dfsg-2etch1.
[...]

e2fsck/swapfs.c: retval = ext2fs_get_mem(fs->blocksize * fs->inode_blocks_per_group,
resize/resize2fs.c: retval = ext2fs_get_mem(fs->blocksize * fs->inode_blocks_per_group,
resize/resize2fs.c: retval = ext2fs_get_mem(fs->blocksize *
resize/resize2fs.c: retval = ext2fs_get_mem(rfs->old_fs->blocksize * 3, &block_buf);
resize/extent.c: retval = ext2fs_get_mem(sizeof(struct ext2_extent_entry) *

What about those, are they unimportant? They are still present in the
etch code. I stumbled upon them while preparing a testing-security
upload.

Kind regards
Nico
-- 
Nico Golde - http://www.ngolde.de - nion@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
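
Added example, not part of the original mail and not e2fsprogs code: the pattern the advisory describes, where a size computed from on-disk fields wraps in 32 bits before it reaches the allocator, next to an allocation helper that rejects the product instead. The helper name checked_array_alloc, its limit parameter and the sample field values are assumptions constructed for illustration.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Unchecked pattern: two 32-bit on-disk values are multiplied in 32 bits,
 * so the product wraps before it is ever passed to the allocator. */
static uint32_t unchecked_size(uint32_t blocksize, uint32_t blocks_per_group)
{
    return blocksize * blocks_per_group;
}

/* Hypothetical helper (not an e2fsprogs function): allocate count * size
 * bytes only if the product stays within `limit`, a caller-chosen sanity
 * bound. Dividing instead of multiplying means the check cannot wrap. */
static int checked_array_alloc(size_t count, size_t size, size_t limit,
                               void **out)
{
    *out = NULL;
    if (count == 0 || size == 0)
        return EINVAL;              /* zero-sized on-disk field: reject */
    if (count > limit / size)
        return ERANGE;              /* product would exceed the bound */
    *out = malloc(count * size);
    return *out ? 0 : ENOMEM;
}

int main(void)
{
    /* Constructed values standing in for fields read from a crafted image. */
    uint32_t blocksize = 4096, blocks_per_group = 0x00100001u;
    size_t limit = (size_t)64 << 20;    /* assumed bound: 64 MiB */
    void *buf;

    printf("wrapped size: %u bytes\n",
           (unsigned)unchecked_size(blocksize, blocks_per_group));
    printf("checked alloc: %d\n",
           checked_array_alloc(blocks_per_group, blocksize, limit, &buf));
    free(buf);
    return 0;
}
```

With the constructed values the unchecked product wraps to 4096 bytes, so a buffer sized that way would be far smaller than the data later code expects to fit in it; the checked helper returns ERANGE and leaves the pointer NULL.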