Hi all,

I would like to send a debdiff file of the e2fsprogs package for review.
Could anyone please review it and give me some comments?

And some text for debian-lts-announce in case this debdiff is accepted, as comments from Raphael Hertzog:

libext2fs was vulnerable to a potential buffer overflow if s_first_meta_bg is too big. This fix doesn't correct the bad value of s_first_meta_bg but keeps e2fsprogs userspace programs from potentially crashing.

Thanks and best regards,
Cong

--
Nguyen The Cong (Mr)
Software Engineer
Toshiba Software Development (Vietnam) Co., Ltd

diff -Nru e2fsprogs-1.41.12/debian/changelog e2fsprogs-1.41.12/debian/changelog --- e2fsprogs-1.41.12/debian/changelog 2011-06-19 00:21:52.000000000 +0700 +++ e2fsprogs-1.41.12/debian/changelog 2015-02-09 15:15:05.000000000 +0700 @@ -1,3 +1,13 @@ +e2fsprogs (1.41.12-4stable1+squeeze1) stable; urgency=low + + * Non-maintainer upload by the Debian LTS team. + * libext2fs: Fix buffer overflow if s_first_meta_bg is too big + as reported in CVE-2015-0247. + Refer to upstream commit: + https://git.kernel.org/cgit/fs/ext2/e2fsprogs.git/commit/?id=f66e6ce4 + + -- Nguyen Cong <[email protected]> Mon, 09 Feb 2015 15:07:42 +0700 + e2fsprogs (1.41.12-4stable1) stable; urgency=high * Upload to proposed-updates diff -Nru e2fsprogs-1.41.12/lib/ext2fs/closefs.c e2fsprogs-1.41.12/lib/ext2fs/closefs.c --- e2fsprogs-1.41.12/lib/ext2fs/closefs.c 2011-06-19 00:14:54.000000000 +0700 +++ e2fsprogs-1.41.12/lib/ext2fs/closefs.c 2015-02-09 15:04:53.000000000 +0700 @@ -284,9 +284,11 @@ * superblocks and group descriptors. */ group_ptr = (char *) group_shadow; - if (fs->super->s_feature_incompat & EXT2_FEATURE_INCOMPAT_META_BG) + if (fs->super->s_feature_incompat & EXT2_FEATURE_INCOMPAT_META_BG) { old_desc_blocks = fs->super->s_first_meta_bg; - else + if (old_desc_blocks > fs->super->s_first_meta_bg) + old_desc_blocks = fs->desc_blocks; + } else old_desc_blocks = fs->desc_blocks; for (i = 0; i < fs->group_desc_count; i++) { diff -Nru e2fsprogs-1.41.12/lib/ext2fs/openfs.c e2fsprogs-1.41.12/lib/ext2fs/openfs.c --- e2fsprogs-1.41.12/lib/ext2fs/openfs.c 2011-06-19 00:14:54.000000000 +0700 +++ e2fsprogs-1.41.12/lib/ext2fs/openfs.c 2015-02-09 15:07:20.000000000 +0700 
@@ -304,9 +304,11 @@ group_block = fs->super->s_first_data_block; dest = (char *) fs->group_desc; groups_per_block = EXT2_DESC_PER_BLOCK(fs->super); - if (fs->super->s_feature_incompat & EXT2_FEATURE_INCOMPAT_META_BG) + if (fs->super->s_feature_incompat & EXT2_FEATURE_INCOMPAT_META_BG) { first_meta_bg = fs->super->s_first_meta_bg; - else + if (first_meta_bg > fs->desc_blocks) + first_meta_bg = fs->desc_blocks; + } else first_meta_bg = fs->desc_blocks; if (first_meta_bg) { retval = io_channel_read_blk(fs->io, group_block+1,
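
Review bot: in the debian/changelog hunk, the new entry's header line uses distribution "stable" with urgency=low, while the entry below it used urgency=high and this entry describes a fix for CVE-2015-0247 uploaded by the Debian LTS team. Please confirm that the target suite and urgency are what the LTS upload should carry, and consider giving the full upstream commit id instead of the abbreviated f66e6ce4 in the URL.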
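
Review bot: in the lib/ext2fs/closefs.c hunk, the added test "if (old_desc_blocks > fs->super->s_first_meta_bg)" compares old_desc_blocks with the value assigned to it on the line just before, so it can never be true and the clamp to fs->desc_blocks never runs. The openfs.c hunk compares against fs->desc_blocks, and this one should do the same: "if (old_desc_blocks > fs->desc_blocks)". As written, an oversized s_first_meta_bg is still used unclamped by the loop over fs->group_desc_count that follows.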
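
Review bot: in the lib/ext2fs/openfs.c hunk, the clamp of first_meta_bg to fs->desc_blocks carries no comment saying why it is there, and the if branch is now braced while the else body is not. A one-line comment noting that s_first_meta_bg is read from the superblock and may exceed fs->desc_blocks, plus braces on the else branch, would make the intent clear. Since the bad value is clamped silently, it is also worth deciding whether the caller should be told about it.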
