Date: Tue, 24 Feb 2015 00:20:17 +0000 (UTC) From: Matthias Andree <mandree@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r379718 - head/security/vuxml Message-ID: <201502240020.t1O0KHVS036438@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: mandree Date: Tue Feb 24 00:20:16 2015 New Revision: 379718 URL: https://svnweb.freebsd.org/changeset/ports/379718 QAT: https://qat.redports.org/buildarchive/r379718/ Log: Record two e2fsprogs vulnerabilities.CVE-2015-0247 <URL:http://vuxml.freebsd.org/0f488b7b-bbb9-11e4-903c-080027ef73ec.html>; Topic: e2fsprogs -- potential buffer overflow in closefs() Affects: e2fsprogs < 1.42.12_2 References: url:http://git.kernel.org/cgit/fs/ext2/e2fsprogs.git/commit/?h=maint&id=49d0fe2a14f2a23da2fe299643379b8c1d37df73 cvename:CVE-2015-1572 <URL:http://vuxml.freebsd.org/2a4bcd7d-bbb8-11e4-903c-080027ef73ec.html>; Security: CVE-2015-0247 Security: CVE-2015-1572 Security: 0f488b7b-bbb9-11e4-903c-080027ef73ec Security: 2a4bcd7d-bbb8-11e4-903c-080027ef73ec.html Modified: head/security/vuxml/vuln.xml Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Tue Feb 24 00:17:50 2015 (r379717) +++ head/security/vuxml/vuln.xml Tue Feb 24 00:20:16 2015 (r379718) @@ -57,6 +57,63 @@ Notes: --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">; + <vuln vid="0f488b7b-bbb9-11e4-903c-080027ef73ec"> + <topic>e2fsprogs -- buffer overflow if s_first_meta_bg too big</topic> + <affects> + <package> + <name>e2fsprogs</name> + <range><lt>1.42.12</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml">; + <p>Theodore Ts'o reports:</p> + <blockquote cite="http://git.kernel.org/cgit/fs/ext2/e2fsprogs.git/commit/?id=f66e6ce4">; + <p>If s_first_meta_bg is greater than the of number block group descriptor blocks, then reading or writing the block group descriptors will end up overruning the memory buffer allocated for the descriptors.</p> + <p>The finding is credited to a vulnerability report from Jose Duart of Google Security Team <jduart AT google.com> and was reported through oCERT-2015-002.</p> + </blockquote> + </body> + </description> + <references> + <url>http://git.kernel.org/cgit/fs/ext2/e2fsprogs.git/commit/?id=f66e6ce4</url>; + <url>http://www.ocert.org/advisories/ocert-2015-002.html</url>; + <url>https://bugzilla.redhat.com/show_bug.cgi?id=1187032</url>; + <cvename>CVE-2015-0247</cvename> + </references> + <dates> + <discovery>2014-08-09</discovery> + <entry>2015-02-24</entry> + </dates> + </vuln> + + <vuln vid="2a4bcd7d-bbb8-11e4-903c-080027ef73ec"> + <topic>e2fsprogs -- potential buffer overflow in closefs()</topic> + <affects> + <package> + <name>e2fsprogs</name> + <range><lt>1.42.12_2</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml">; + <p>Theodore Ts'o reports:</p> + <blockquote cite="http://git.kernel.org/cgit/fs/ext2/e2fsprogs.git/commit/?h=maint&id=49d0fe2a14f2a23da2fe299643379b8c1d37df73">; + <p>On a carefully crafted filesystem that gets modified through + tune2fs or debugfs, it is possible to trigger a buffer overrun when + the file system is closed via closefs().</p> + </blockquote> + </body> + </description> + <references> + <url>http://git.kernel.org/cgit/fs/ext2/e2fsprogs.git/commit/?h=maint&id=49d0fe2a14f2a23da2fe299643379b8c1d37df73</url>; + <cvename>CVE-2015-1572</cvename> + </references> + <dates> + <discovery>2015-02-06</discovery> + <entry>2015-02-24</entry> + </dates> + </vuln> + <vuln vid="58033a95-bba8-11e4-88ae-d050992ecde8"> <topic>bind -- denial of service vulnerability</topic> <affects>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201502240020.t1O0KHVS036438>