LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for January 8, 2009

Btrfs aims for the mainline

The Android Dev Phone 1

LWN.net Weekly Edition for December 25, 2008

The Grumpy Editor's 2008 retrospective

Printable page
Weekly edition Kernel Security Distributions Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ

Fedora alert FEDORA-2007-4461 (e2fsprogs)



From:
    	      updates@fedoraproject.org


To:
    	      fedora-package-announce@redhat.com


Subject:
    	      [SECURITY] Fedora 7 Update: e2fsprogs-1.40.2-3.fc7


Date:
    	      Fri, 18 Jan 2008 17:00:25 -0700


Message-ID:
    	      <200801190000.m0J00gFe008539@bastion.fedora.phx.redhat.com>


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2007-4461
2008-01-16 18:57:20
--------------------------------------------------------------------------------

Name        : e2fsprogs
Product     : Fedora 7
Version     : 1.40.2
Release     : 3.fc7
URL         : http://e2fsprogs.sourceforge.net/
Summary     : Utilities for managing the second and third extended (ext2/ext3) filesystems
Description :
The e2fsprogs package contains a number of utilities for creating,
checking, modifying, and correcting any inconsistencies in second
and third extended (ext2/ext3) filesystems. E2fsprogs contains
e2fsck (used to repair filesystem inconsistencies after an unclean
shutdown), mke2fs (used to initialize a partition to contain an
empty ext2 filesystem), debugfs (used to examine the internal
structure of a filesystem, to manually repair a corrupted
filesystem, or to create test cases for e2fsck), tune2fs (used to
modify filesystem parameters), and most of the other core ext2fs
filesystem utilities.

You should install the e2fsprogs package if you need to manage the
performance of an ext2 and/or ext3 filesystem.

--------------------------------------------------------------------------------
Update Information:

CVE-2007-5497

--------------------------------------------------------------------------------
ChangeLog:

* Tue Dec 11 2007 Eric Sandeen <esandeen@redhat.com> 1.40.2-3
- Fix integer overflows (#414571 / CVE-2007-5497)
* Wed Jul 18 2007 Eric Sandeen <esandeen@redhat.com> 1.40.2-2
- Fix bug in ext2fs_swap_inode_full() on big-endian boxes
* Tue Jul 17 2007 Eric Sandeen <esandeen@redhat.com> 1.40.2-1
- New version 1.40.2
- Fix up warning in badblocks
* Mon Jun 25 2007 Eric Sandeen <esandeen@redhat.com> 1.39-15
- Fix up .po files to remove timestamps; multilib issues (#245653)
* Fri Jun 22 2007 Eric Sandeen <esandeen@redhat.com> 1.39-14
- Many coverity-found potential leaks, segfaults, etc (#239354)
- Fix debugfs segfaults when no fs open (#208416, #209330)
- Avoid recursive loops in logdump due to symlinks in /dev (#210371)
- Don't write changes to the backup superblocks by default (#229561)
- Correct byteswapping for fast symlinks with xattrs (#232663)
- e2fsck: added sanity check for xattr validation (#230193)
* Wed Jun 20 2007 Eric Sandeen <esandeen@redhat.com> 1.39-13
- add dist tag to release field
* Wed Jun 20 2007 Eric Sandeen <esandeen@redhat.com> 1.39-12
- add LUKS support to libblkid (#242421)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #414571 - CVE-2007-5497 e2fsprogs multiple integer overflows [F7]
        https://bugzilla.redhat.com/show_bug.cgi?id=414571
--------------------------------------------------------------------------------
Updated packages:

f46f6a669d933d8d0d3c31ace0287fc270579097 e2fsprogs-libs-1.40.2-3.fc7.ppc64.rpm
62dfdf0bc8d4ab4edff3b10008bb04fee3dbfafb e2fsprogs-debuginfo-1.40.2-3.fc7.ppc64.rpm
1128e9bdb19a8d5bc05ac40e811217478dd22f0f e2fsprogs-1.40.2-3.fc7.ppc64.rpm
4903f9728fd5840b92bc35f3acbad46c032e461c e2fsprogs-devel-1.40.2-3.fc7.ppc64.rpm
fe6389dbea4cf72d75c8c67f4d77286f5f37dc49 e2fsprogs-libs-1.40.2-3.fc7.i386.rpm
f7734510507e698f3d355acef291dd7c8ed6625a e2fsprogs-debuginfo-1.40.2-3.fc7.i386.rpm
d0eb54ab2456b49ceb341b9fb44b4ed6924584db e2fsprogs-1.40.2-3.fc7.i386.rpm
12cddf031d6cdd5ab684d04b40467ac05e3862d0 e2fsprogs-devel-1.40.2-3.fc7.i386.rpm
4cbfcc13800d1edc4d8361f403fdacb1708136d9 e2fsprogs-1.40.2-3.fc7.x86_64.rpm
4197ddd309dc4aa1017feae11e7e2dfad9bbb9de e2fsprogs-libs-1.40.2-3.fc7.x86_64.rpm
1319deff60ac4ff99d78e807919729641388d468 e2fsprogs-devel-1.40.2-3.fc7.x86_64.rpm
b01f7afaebd39fb251636265eb6a239b266e62b7 e2fsprogs-debuginfo-1.40.2-3.fc7.x86_64.rpm
b71e3d93ccf4282c347d2b08df1e205325907777 e2fsprogs-1.40.2-3.fc7.ppc.rpm
35ff781cc498a1d0043a89e4ea3ef31f5bbf29d4 e2fsprogs-libs-1.40.2-3.fc7.ppc.rpm
3a50a0f1a8f417d77cc9a0a59822f23edf909e5d e2fsprogs-devel-1.40.2-3.fc7.ppc.rpm
f70cb377b4c9d44c667d28f9c5ce20af425e321d e2fsprogs-debuginfo-1.40.2-3.fc7.ppc.rpm
106125f3450cfb5029563e84e3cae6a7f1c2d588 e2fsprogs-1.40.2-3.fc7.src.rpm

This update can be installed with the "yum" update program.  Use 
su -c 'yum update e2fsprogs' 
at the command line.  For more information, refer to "Managing Software
with yum", available at http://docs.fedoraproject.org/yum/.
--------------------------------------------------------------------------------

_______________________________________________
Fedora-package-announce mailing list
Fedora-package-announce@redhat.com
http://www.redhat.com/mailman/listinfo/fedora-package-ann...
(Log in to post comments)

Copyright © 2009, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds