lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <47b15d95.3jutwMCAYZN5r/Mt%foresight-security-noreply@foresightlinux.org>
Date: Mon, 11 Feb 2008 23:49:25 -0900
From: Foresight Linux Essential Announcement Service
	<foresight-security-noreply@...esightlinux.org>
To: foresight-security-announce@...ts.rpath.org
Cc: lwn@....net, security-alerts@...uxsecurity.com, bugtraq@...urityfocus.com,
	full-disclosure@...ts.grok.org.uk
Subject: FLEA-2008-0005-1 e2fsprogs

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Foresight Linux Essential Advisory: 2008-0005-1
Published: 2008-02-11

Rating: Minor

Updated Versions:
    e2fsprogs=/conary.rpath.com@rpl:devel//1/1.37-3.3-1
    group-dist=/foresight.rpath.org@fl:1-devel//1/1.4.2-0.7-3

References:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5497
    http://wiki.rpath.com/Advisories:rPSA-2007-0262

Description:
    Previous versions of the e2fsprogs package are vulnerable to multiple
    integer overflows which may be exploited via specially-crafted filesystems.

    The workaround for is to not run fsck on a filesystem to which an untrusted
    user has the ability to directly modify filesystem metadata. This is most
    commonly an issue when using a virtualization solution in which the root
    user for the guest OS is not trusted, and can convince the host's root user
    to run fsck on the guests's filesystem. Foresight Linux neither enables nor
    supports any form of virtualization in the default install.

- ---

Copyright 2008 Foresight Linux Project
This file is distributed under the terms of the MIT License.
A copy is available at http://www.foresightlinux.org/permanent/mit-license.html
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.8 (GNU/Linux)

iQIcBAEBAgAGBQJHsV2RAAoJENfwEn07iAtZhb0P/RnKJzBXlNtpyaN5BgvaslbP
2asNCwET0Xn4VdwTdX/bDfMIYiRskTezYoApYUspmoVdPupMg41IXu9UmE3rQVtP
GzYsbznEjuOeBJlF5LTfkvS1qnJJaok/If3ISPlqXkC+r9N59+3hJE3CwjGTKzZx
9+KocNTpPbhUXqp2PCg7dGiB3pSZ3lUTAcFotBQTBdEIfMXNOm9GvjM5fF2oKglb
8StmutCZ5KbrO8OXwSJfocHzLKNmyJDaQ9lBuqwmIVE/0KNDiaYB4IxlsmomoPjg
uXSbhVK+fpzAeX8JqgRl3QCNZvXGeUvzaANDdmmjhVnc9UBXy5dvh4GVBx+TIQWl
gQ3fBmTramU1OIYP3ip80aV9SLE+BDWOa0Nz6hNL5ed9MiaeYq1CE+x5HwSr7+Se
QOP+RH7tiCaGOkQuvdYEqRkvwQ2+nNKkQGnM3O3JPRVnblTKoEgpWLEcPGAl+Znr
fYQdy5ufUffuX/bBitt3e9zObBwx1ziYXzZVXfEsTmTWlzeETNDPQdzhD0yRwHvZ
xGbBAQgaTr5+ikFGi4VZFTCv5pf5ljdMP5h36zL9oWsZFMA8MLJf8QRaNN8rOl0X
ojGSoBKPzGNkFu+PB8/17dcf24f0oD1Osd18vRw96fSppMfW0BK+Dc5gjW5ek7KK
sIytgbLlNi76mHUJVv48
=0Zx9
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ