PublicDateAtUSN: 2015-02-17
Candidate: CVE-2015-0247
PublicDate: 2015-02-17 15:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0247
 http://www.ocert.org/advisories/ocert-2015-002.html
 https://ubuntu.com/security/notices/USN-2507-1
Description:
 Heap-based buffer overflow in openfs.c in the libext2fs library in
 e2fsprogs before 1.42.12 allows local users to execute arbitrary code via
 crafted block group descriptor data in a filesystem image.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by: Jose Duart
Assigned-to: mdeslaur
CVSS: 

Patches_e2fsprogs:
 upstream: https://git.kernel.org/cgit/fs/ext2/e2fsprogs.git/commit/?id=f66e6ce4446738c2c7f43d41988a3eb73347e2f5
upstream_e2fsprogs: released (1.42.12-1)
lucid_e2fsprogs: released (1.41.11-1ubuntu2.3)
precise_e2fsprogs: released (1.42-1ubuntu2.2)
trusty_e2fsprogs: released (1.42.9-3ubuntu1.2)
trusty/esm_e2fsprogs: released (1.42.9-3ubuntu1.2)
utopic_e2fsprogs: released (1.42.10-1.1ubuntu1.2)
devel_e2fsprogs: not-affected (1.42.12-1ubuntu1)