From owner-svn-ports-all@FreeBSD.ORG Tue Feb 24 00:20:17 2015 Return-Path: Delivered-To: svn-ports-all@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id BE93798F; Tue, 24 Feb 2015 00:20:17 +0000 (UTC) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id A85F4812; Tue, 24 Feb 2015 00:20:17 +0000 (UTC) Received: from svn.freebsd.org ([127.0.1.70]) by svn.freebsd.org (8.14.9/8.14.9) with ESMTP id t1O0KHQm036440; Tue, 24 Feb 2015 00:20:17 GMT (envelope-from mandree@FreeBSD.org) Received: (from mandree@localhost) by svn.freebsd.org (8.14.9/8.14.9/Submit) id t1O0KHVS036438; Tue, 24 Feb 2015 00:20:17 GMT (envelope-from mandree@FreeBSD.org) Message-Id: <201502240020.t1O0KHVS036438@svn.freebsd.org> X-Authentication-Warning: svn.freebsd.org: mandree set sender to mandree@FreeBSD.org using -f From: Matthias Andree Date: Tue, 24 Feb 2015 00:20:17 +0000 (UTC) To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r379718 - head/security/vuxml X-SVN-Group: ports-head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-ports-all@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: SVN commit messages for the ports tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 24 Feb 2015 00:20:18 -0000 Author: mandree Date: Tue Feb 24 00:20:16 2015 New Revision: 379718 URL: https://svnweb.freebsd.org/changeset/ports/379718 QAT: https://qat.redports.org/buildarchive/r379718/ Log: Record two e2fsprogs vulnerabilities.CVE-2015-0247 Topic: e2fsprogs -- potential buffer overflow in closefs() Affects: e2fsprogs < 1.42.12_2 References: url:http://git.kernel.org/cgit/fs/ext2/e2fsprogs.git/commit/?h=maint&id=49d0fe2a14f2a23da2fe299643379b8c1d37df73 cvename:CVE-2015-1572 Security: CVE-2015-0247 Security: CVE-2015-1572 Security: 0f488b7b-bbb9-11e4-903c-080027ef73ec Security: 2a4bcd7d-bbb8-11e4-903c-080027ef73ec.html Modified: head/security/vuxml/vuln.xml Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Tue Feb 24 00:17:50 2015 (r379717) +++ head/security/vuxml/vuln.xml Tue Feb 24 00:20:16 2015 (r379718) @@ -57,6 +57,63 @@ Notes: --> + + e2fsprogs -- buffer overflow if s_first_meta_bg too big + + + e2fsprogs + 1.42.12 + + + + +

Theodore Ts'o reports:

+
+

If s_first_meta_bg is greater than the of number block group descriptor blocks, then reading or writing the block group descriptors will end up overruning the memory buffer allocated for the descriptors.

+

The finding is credited to a vulnerability report from Jose Duart of Google Security Team <jduart AT google.com> and was reported through oCERT-2015-002.

+
+ + + + http://git.kernel.org/cgit/fs/ext2/e2fsprogs.git/commit/?id=f66e6ce4 + http://www.ocert.org/advisories/ocert-2015-002.html + https://bugzilla.redhat.com/show_bug.cgi?id=1187032 + CVE-2015-0247 + + + 2014-08-09 + 2015-02-24 + + + + + e2fsprogs -- potential buffer overflow in closefs() + + + e2fsprogs + 1.42.12_2 + + + + +

Theodore Ts'o reports:

+
+

On a carefully crafted filesystem that gets modified through + tune2fs or debugfs, it is possible to trigger a buffer overrun when + the file system is closed via closefs().

+
+ + + + http://git.kernel.org/cgit/fs/ext2/e2fsprogs.git/commit/?h=maint&id=49d0fe2a14f2a23da2fe299643379b8c1d37df73 + CVE-2015-1572 + + + 2015-02-06 + 2015-02-24 + + + bind -- denial of service vulnerability