CVE-2015-1572
Published: 16 February 2015
Heap-based buffer overflow in closefs.c in the libext2fs library in e2fsprogs before 1.42.12 allows local users to execute arbitrary code by causing a crafted block group descriptor to be marked as dirty. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-0247.
Priority
Status
Package | Release | Status |
---|---|---|
e2fsprogs Launchpad, Ubuntu, Debian |
lucid |
Released
(1.41.11-1ubuntu2.3)
|
precise |
Released
(1.42-1ubuntu2.2)
|
|
trusty |
Released
(1.42.9-3ubuntu1.2)
|
|
upstream |
Needs triage
|
|
utopic |
Released
(1.42.10-1.1ubuntu1.2)
|
|
Patches: upstream: https://git.kernel.org/cgit/fs/ext2/e2fsprogs.git/commit/?id=49d0fe2a14f2a23da2fe299643379b8c1d37df73 |