Login
Newsletter
Werbung
Sicherheit: Zahlenüberläufe in e2fsprogs
Aktuelle Meldungen Distributionen
Name: Zahlenüberläufe in e2fsprogs
ID: MDKSA-2007:242
Distribution: Mandriva
Plattformen: Mandriva Corporate 3.0, Mandriva Multi Network Firewall 2.0, Mandriva Corporate 4.0, Mandriva 2007.0, Mandriva 2007.1, Mandriva 2008.0
Datum: Di, 11. Dezember 2007, 02:06
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5497
Applikationen: e2fsprogs

Originalnachricht

 
This is a multi-part message in MIME format...

------------=_1197335172-4794-6266


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDKSA-2007:242
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : e2fsprogs
 Date    : December 10, 2007
 Affected: 2007.0, 2007.1, 2008.0, Corporate 3.0, Corporate 4.0,
           Multi Network Firewall 2.0
 _______________________________________________________________________
 
 Problem Description:
 
 Rafal Wojtczuk of McAfee AVERT Research found that e2fsprogs contained
 multiple integer overflows in memory allocations, based on sizes
 taken directly from filesystem information.  These flaws could result
 in heap-based overflows potentially allowing for the execution of
 arbitrary code.
 
 The updated packages have been patched to correct these issues.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5497
 _______________________________________________________________________
 
 Updated Packages:
 
 Mandriva Linux 2007.0:
 ff40ef940d3bbce7c4314d0bf06d529f 
 2007.0/i586/e2fsprogs-1.39-2.1mdv2007.0.i586.rpm
 3159902d97bdc6871faec84838c9a5ab 
 2007.0/i586/libext2fs2-1.39-2.1mdv2007.0.i586.rpm
 ec4e5539f5168aa045899458ec2b82c3 
 2007.0/i586/libext2fs2-devel-1.39-2.1mdv2007.0.i586.rpm 
 8cb48b6e43625f33f37554445f65f2f0 
 2007.0/SRPMS/e2fsprogs-1.39-2.1mdv2007.0.src.rpm

 Mandriva Linux 2007.0/X86_64:
 31ad9695ac03879d202ae8e1800e8df4 
 2007.0/x86_64/e2fsprogs-1.39-2.1mdv2007.0.x86_64.rpm
 3fe3232e9f750d3855796e9ada2c7b18 
 2007.0/x86_64/lib64ext2fs2-1.39-2.1mdv2007.0.x86_64.rpm
 cd1392e26b4c68be93c232cd991b0ef8 
 2007.0/x86_64/lib64ext2fs2-devel-1.39-2.1mdv2007.0.x86_64.rpm 
 8cb48b6e43625f33f37554445f65f2f0 
 2007.0/SRPMS/e2fsprogs-1.39-2.1mdv2007.0.src.rpm

 Mandriva Linux 2007.1:
 7d550dee8465b402dbc01e6881aa27a0 
 2007.1/i586/e2fsprogs-1.39-5.2mdv2007.1.i586.rpm
 9f54587c0eb5b7af5241560bfee74b55 
 2007.1/i586/libext2fs2-1.39-5.2mdv2007.1.i586.rpm
 4b30c50260a5d433c80e56800787c27c 
 2007.1/i586/libext2fs2-devel-1.39-5.2mdv2007.1.i586.rpm 
 3e4c659c9eaabf743382b604e2cb6fe4 
 2007.1/SRPMS/e2fsprogs-1.39-5.2mdv2007.1.src.rpm

 Mandriva Linux 2007.1/X86_64:
 82d1bd6787634b85c34ae44641f52a4f 
 2007.1/x86_64/e2fsprogs-1.39-5.2mdv2007.1.x86_64.rpm
 26ef510b1e3b4fbcd0e27170908176c3 
 2007.1/x86_64/lib64ext2fs2-1.39-5.2mdv2007.1.x86_64.rpm
 27a5dee786f11a543544f20a78811ce3 
 2007.1/x86_64/lib64ext2fs2-devel-1.39-5.2mdv2007.1.x86_64.rpm 
 3e4c659c9eaabf743382b604e2cb6fe4 
 2007.1/SRPMS/e2fsprogs-1.39-5.2mdv2007.1.src.rpm

 Mandriva Linux 2008.0:
 d4be99f5ff36d4d5ef62787611b626ff 
 2008.0/i586/e2fsprogs-1.40.2-5.1mdv2008.0.i586.rpm
 2a7239249e195efd3b617061cdd0dcf7 
 2008.0/i586/libext2fs-devel-1.40.2-5.1mdv2008.0.i586.rpm
 00c482bc1cf18b4a30968ad6a24b3d81 
 2008.0/i586/libext2fs2-1.40.2-5.1mdv2008.0.i586.rpm 
 1bc32b40c67ac660d97b9261e29a9b2c 
 2008.0/SRPMS/e2fsprogs-1.40.2-5.1mdv2008.0.src.rpm

 Mandriva Linux 2008.0/X86_64:
 e67a66424204013c42c54f8bd478d5ff 
 2008.0/x86_64/e2fsprogs-1.40.2-5.1mdv2008.0.x86_64.rpm
 3a4b98d08dad0321199e981b8a1cd80a 
 2008.0/x86_64/lib64ext2fs-devel-1.40.2-5.1mdv2008.0.x86_64.rpm
 af9c4dec36ca727fc1baba6a83766cb6 
 2008.0/x86_64/lib64ext2fs2-1.40.2-5.1mdv2008.0.x86_64.rpm 
 1bc32b40c67ac660d97b9261e29a9b2c 
 2008.0/SRPMS/e2fsprogs-1.40.2-5.1mdv2008.0.src.rpm

 Corporate 3.0:
 403bda3951bdca8b82113c0d0baabd2d 
 corporate/3.0/i586/e2fsprogs-1.34-5.1.C30mdk.i586.rpm
 d90ee27030d07a346a5237fe2938260f 
 corporate/3.0/i586/libext2fs2-1.34-5.1.C30mdk.i586.rpm
 7f3b1d7a825278d7288eb7c60282ed73 
 corporate/3.0/i586/libext2fs2-devel-1.34-5.1.C30mdk.i586.rpm 
 e7a4b7eac4f2b68ce7bd4707321fff69 
 corporate/3.0/SRPMS/e2fsprogs-1.34-5.1.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 bed3787f200681b1b71920a47f3f8d74 
 corporate/3.0/x86_64/e2fsprogs-1.34-5.1.C30mdk.x86_64.rpm
 1511236c38ef773820c2f45b9310b677 
 corporate/3.0/x86_64/lib64ext2fs2-1.34-5.1.C30mdk.x86_64.rpm
 4d4d9749858131a86acbf27f61f9f9aa 
 corporate/3.0/x86_64/lib64ext2fs2-devel-1.34-5.1.C30mdk.x86_64.rpm 
 e7a4b7eac4f2b68ce7bd4707321fff69 
 corporate/3.0/SRPMS/e2fsprogs-1.34-5.1.C30mdk.src.rpm

 Corporate 4.0:
 8cf5c9086da533ab006087e69d544c40 
 corporate/4.0/i586/e2fsprogs-1.38-3.2.20060mdk.i586.rpm
 9e16d9df63f786c06c0fe41d0e9988f4 
 corporate/4.0/i586/libext2fs2-1.38-3.2.20060mdk.i586.rpm
 8014e6c373d68a5a998586599ea4cd52 
 corporate/4.0/i586/libext2fs2-devel-1.38-3.2.20060mdk.i586.rpm 
 05a7b67cf7dcfcb587aec47f2d3f8493 
 corporate/4.0/SRPMS/e2fsprogs-1.38-3.2.20060mdk.src.rpm

 Corporate 4.0/X86_64:
 8b3b8a6ce94076b52978e43cf9e12f48 
 corporate/4.0/x86_64/e2fsprogs-1.38-3.2.20060mdk.x86_64.rpm
 30b74422fda6bd3c157179613752a264 
 corporate/4.0/x86_64/lib64ext2fs2-1.38-3.2.20060mdk.x86_64.rpm
 95784fca97d5fea9d54603b3f6b8a8cc 
 corporate/4.0/x86_64/lib64ext2fs2-devel-1.38-3.2.20060mdk.x86_64.rpm 
 05a7b67cf7dcfcb587aec47f2d3f8493 
 corporate/4.0/SRPMS/e2fsprogs-1.38-3.2.20060mdk.src.rpm

 Multi Network Firewall 2.0:
 4d98c367af2d9f27df8d4b88a5afdf1f 
 mnf/2.0/i586/e2fsprogs-1.34-5.1.M20mdk.i586.rpm
 a952ade257bea9787ba8bc6f3fc71fd7 
 mnf/2.0/i586/libext2fs2-1.34-5.1.M20mdk.i586.rpm
 bd6b983acf88cba046a86e1172e036a8 
 mnf/2.0/i586/libext2fs2-devel-1.34-5.1.M20mdk.i586.rpm 
 cad219a6351f58e7ae7299e894229a71 
 mnf/2.0/SRPMS/e2fsprogs-1.34-5.1.M20mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFHXbjmmqjQ0CJFipgRAtkBAJ4sQYEn5ZNrljrb8BPwkHjn+7sJoQCbBQLK
R2nNIpmB6zImuYkF7lJAZrQ=
=Uusl
-----END PGP SIGNATURE-----


------------=_1197335172-4794-6266
Content-Type: text/plain; name="message-footer.txt"
Content-Disposition: inline; filename="message-footer.txt"
Content-Transfer-Encoding: 8bit

To unsubscribe, send a email to sympa@mandrivalinux.org
with this subject : unsubscribe security-announce
_______________________________________________________
Want to buy your Pack or Services from Mandriva? 
Go to http://www.mandrivastore.com
Join the Club : http://www.mandrivaclub.com
_______________________________________________________

------------=_1197335172-4794-6266--
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten

141
Mach­t's gut!

51
Neue Raspber­ry Pi-Va­ri­an­te mit 8 GB RAM

0
Genode 20.05 frei­ge­ge­ben

9
Sub­ver­si­on 1.14.0-LTS vor­ge­stellt

0
»Hum­ble Ci­ties: Sky­lines Bund­le« vor­ge­stellt

0
End of Life für Co­reOS Con­tai­ner Linux ver­kün­det

32
Elek­tra 0.9.2 er­schie­nen

8
Nex­tDNS ver­lässt die Be­ta-Pha­se

23
Tu­xe­do stellt Ga­mer-Note­book vor

0
Libre Gra­phics Mee­ting be­ginnt als On­li­ne-Va­ri­an­te
 
Werbung