ALAS-2015-478


Amazon Linux 1 Security Advisory: ALAS-2015-478
Advisory Release Date: 2015-02-11 19:36 Pacific
Advisory Updated Date: 2015-02-11 19:49 Pacific
Severity: Medium

Issue Overview:

A heap-based buffer overflow flaw was found in e2fsprogs. A specially crafted Ext2/3/4 file system could cause an application using the ext2fs library (for example, fsck) to crash or, possibly, execute arbitrary code.


Affected Packages:

e2fsprogs


Issue Correction:
Run yum update e2fsprogs to update your system.

New Packages:
i686:
    libss-1.42.12-1.34.amzn1.i686
    e2fsprogs-libs-1.42.12-1.34.amzn1.i686
    e2fsprogs-static-1.42.12-1.34.amzn1.i686
    e2fsprogs-devel-1.42.12-1.34.amzn1.i686
    e2fsprogs-1.42.12-1.34.amzn1.i686
    e2fsprogs-debuginfo-1.42.12-1.34.amzn1.i686
    libcom_err-devel-1.42.12-1.34.amzn1.i686
    libcom_err-1.42.12-1.34.amzn1.i686
    libss-devel-1.42.12-1.34.amzn1.i686

src:
    e2fsprogs-1.42.12-1.34.amzn1.src

x86_64:
    e2fsprogs-libs-1.42.12-1.34.amzn1.x86_64
    libcom_err-1.42.12-1.34.amzn1.x86_64
    e2fsprogs-static-1.42.12-1.34.amzn1.x86_64
    libss-devel-1.42.12-1.34.amzn1.x86_64
    libss-1.42.12-1.34.amzn1.x86_64
    e2fsprogs-1.42.12-1.34.amzn1.x86_64
    e2fsprogs-debuginfo-1.42.12-1.34.amzn1.x86_64
    e2fsprogs-devel-1.42.12-1.34.amzn1.x86_64
    libcom_err-devel-1.42.12-1.34.amzn1.x86_64