PublicDateAtUSN: 2015-02-16
Candidate: CVE-2015-1572
PublicDate: 2015-02-24 15:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1572
 https://ubuntu.com/security/notices/USN-2507-1
Description:
 Heap-based buffer overflow in closefs.c in the libext2fs library in
 e2fsprogs before 1.42.12 allows local users to execute arbitrary code by
 causing a crafted block group descriptor to be marked as dirty. NOTE: this
 vulnerability exists because of an incomplete fix for CVE-2015-0247.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to: mdeslaur
CVSS: 

Patches_e2fsprogs:
 upstream: https://git.kernel.org/cgit/fs/ext2/e2fsprogs.git/commit/?id=49d0fe2a14f2a23da2fe299643379b8c1d37df73
upstream_e2fsprogs: needs-triage
lucid_e2fsprogs: released (1.41.11-1ubuntu2.3)
precise_e2fsprogs: released (1.42-1ubuntu2.2)
trusty_e2fsprogs: released (1.42.9-3ubuntu1.2)
trusty/esm_e2fsprogs: released (1.42.9-3ubuntu1.2)
utopic_e2fsprogs: released (1.42.10-1.1ubuntu1.2)
devel_e2fsprogs: released (1.42.12-1ubuntu2)