Hi, * Nico Golde <nion@debian.org> [2007-12-07 18:32]: [...] > > Rafal Wojtczuk of McAfee AVERT Research discovered that e2fsprogs, > > ext2 file system utilities and libraries, contained multiple > > integer overflows in memory allocations, based on sizes taken directly > > from filesystem information. These could result in heap-based > > overflows potentially allowing the execution of arbitrary code. > > > > For the stable distribution (etch), this problem has been fixed in version > > 1.39+1.40-WIP-2006.11.14+dfsg-2etch1. > [...] > e2fsck/swapfs.c: retval = ext2fs_get_mem(fs->blocksize * fs->inode_blocks_per_group, > resize/resize2fs.c: retval = ext2fs_get_mem(fs->blocksize * fs->inode_blocks_per_group, > resize/resize2fs.c: retval = ext2fs_get_mem(fs->blocksize * > resize/resize2fs.c: retval = ext2fs_get_mem(rfs->old_fs->blocksize * 3, &block_buf); > resize/extent.c: retval = ext2fs_get_mem(sizeof(struct ext2_extent_entry) * > > What about those, are they unimportant? They are still present in the etch code. I stumbled > upon them while preparing a testing-security upload. Sorry, this mail was originally only addressed to Steve but since I also got this mail through the debian-security list it ended up here now :) Anyway, I looked again into these and from my point of view the released DSA is incomplete, I fixed those for testing-security by using get_mem_array as well. Kind regards Nico -- Nico Golde - http://www.ngolde.de - nion@jabber.ccc.de - GPG: 0x73647CFF For security reasons, all text in this mail is double-rot13 encrypted.
Attachment:
pgpIB5q_6SU0w.pgp
Description: PGP signature