Jose Duart discovered that e2fsprogs incorrectly handled invalid block group descriptor data. A local attacker could use this issue with a crafted filesystem image to possibly execute arbitrary code. (CVE-2015-0247, CVE-2015-1572)
{ "availability": "No subscription required", "binaries": [ { "binary_version": "2.1-1.42.9-3ubuntu1.2", "binary_name": "comerr-dev" }, { "binary_version": "1.42.9-3ubuntu1.2", "binary_name": "e2fsck-static" }, { "binary_version": "1.42.9-3ubuntu1.2", "binary_name": "e2fslibs" }, { "binary_version": "1.42.9-3ubuntu1.2", "binary_name": "e2fslibs-dbg" }, { "binary_version": "1.42.9-3ubuntu1.2", "binary_name": "e2fslibs-dev" }, { "binary_version": "1.42.9-3ubuntu1.2", "binary_name": "e2fsprogs" }, { "binary_version": "1.42.9-3ubuntu1.2", "binary_name": "e2fsprogs-dbg" }, { "binary_version": "1.42.9-3ubuntu1.2", "binary_name": "e2fsprogs-udeb" }, { "binary_version": "1.42.9-3ubuntu1.2", "binary_name": "libcomerr2" }, { "binary_version": "1.42.9-3ubuntu1.2", "binary_name": "libcomerr2-dbg" }, { "binary_version": "1.42.9-3ubuntu1.2", "binary_name": "libss2" }, { "binary_version": "1.42.9-3ubuntu1.2", "binary_name": "libss2-dbg" }, { "binary_version": "2.0-1.42.9-3ubuntu1.2", "binary_name": "ss-dev" } ] }