Date: Mon, 11 Feb 2008 23:49:25 -0900
From: Foresight Linux Essential Announcement Service <foresight-security-noreply@foresightlinux.org.>
To: [email protected]Subject: FLEA-2008-0005-1 e2fsprogs
Message-ID: <47b15d95.3jutwMCAYZN5r/Mt%[email protected]>
User-Agent: Heirloom mailx 12.3 7/15/07
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-Virus-Scanned: antivirus-gw at tyumen.ru
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Foresight Linux Essential Advisory: 2008-0005-1
Published: 2008-02-11
Rating: Minor
Updated Versions:
e2fsprogs=/conary.rpath.com@rpl:devel//1/1.37-3.3-1
group-dist=/foresight.rpath.org@fl:1-devel//1/1.4.2-0.7-3
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5497http://wiki.rpath.com/Advisories:rPSA-2007-0262
Description:
Previous versions of the e2fsprogs package are vulnerable to multiple
integer overflows which may be exploited via specially-crafted filesystems.
The workaround for is to not run fsck on a filesystem to which an untrusted
user has the ability to directly modify filesystem metadata. This is most
commonly an issue when using a virtualization solution in which the root
user for the guest OS is not trusted, and can convince the host's root user
to run fsck on the guests's filesystem. Foresight Linux neither enables nor
supports any form of virtualization in the default install.
- ---
Copyright 2008 Foresight Linux Project
This file is distributed under the terms of the MIT License.
A copy is available at http://www.foresightlinux.org/permanent/mit-license.html
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.8 (GNU/Linux)
iQIcBAEBAgAGBQJHsV2RAAoJENfwEn07iAtZhb0P/RnKJzBXlNtpyaN5BgvaslbP
2asNCwET0Xn4VdwTdX/bDfMIYiRskTezYoApYUspmoVdPupMg41IXu9UmE3rQVtP
GzYsbznEjuOeBJlF5LTfkvS1qnJJaok/If3ISPlqXkC+r9N59+3hJE3CwjGTKzZx
9+KocNTpPbhUXqp2PCg7dGiB3pSZ3lUTAcFotBQTBdEIfMXNOm9GvjM5fF2oKglb
8StmutCZ5KbrO8OXwSJfocHzLKNmyJDaQ9lBuqwmIVE/0KNDiaYB4IxlsmomoPjg
uXSbhVK+fpzAeX8JqgRl3QCNZvXGeUvzaANDdmmjhVnc9UBXy5dvh4GVBx+TIQWl
gQ3fBmTramU1OIYP3ip80aV9SLE+BDWOa0Nz6hNL5ed9MiaeYq1CE+x5HwSr7+Se
QOP+RH7tiCaGOkQuvdYEqRkvwQ2+nNKkQGnM3O3JPRVnblTKoEgpWLEcPGAl+Znr
fYQdy5ufUffuX/bBitt3e9zObBwx1ziYXzZVXfEsTmTWlzeETNDPQdzhD0yRwHvZ
xGbBAQgaTr5+ikFGi4VZFTCv5pf5ljdMP5h36zL9oWsZFMA8MLJf8QRaNN8rOl0X
ojGSoBKPzGNkFu+PB8/17dcf24f0oD1Osd18vRw96fSppMfW0BK+Dc5gjW5ek7KK
sIytgbLlNi76mHUJVv48
=0Zx9
-----END PGP SIGNATURE-----