Security update for e2fsprogs
e2fsprogs was updated to fix two security issues.
The following vulnerabilities were fixed:
* CVE-2015-1572: A local user could have executed arbitrary code by causing a crafted block group descriptor to be marked as dirty. Completes fix for CVE-2015-0247. (boo#918346)
* CVE-2015-0247: A local user could have executed arbitrary code via crafted block group descriptor data in a filesystem image. (boo#915402)
-
Submitted by
Jan Kara (jankara)
Fixed bugs
bnc#915402
VUL-1: CVE-2015-0247: e2fsprogs: couple of heap overflows in e2fsprogs (fsck, dumpe2fs, e2image...)
bnc#918346
VUL-1: CVE-2015-1572: e2fsprogs: potential buffer overflow in closefs()
