Upstream information

CVE-2007-5497 at MITRE

Description

Multiple integer overflows in libext2fs in e2fsprogs before 1.40.3 allow user-assisted remote attackers to execute arbitrary code via a crafted filesystem image.

SUSE information

Overall state of this security issue: Resolved

This issue is currently rated as having moderate severity.

CVSS v2 Scores (National Vulnerability Database)
  Base Score: 5.8
  Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N
  Access Vector: Network
  Access Complexity: Medium
  Authentication: None
  Confidentiality Impact: Partial
  Integrity Impact: Partial
  Availability Impact: None

SUSE Bugzilla entry: 340473 [RESOLVED / FIXED]

SUSE Security Advisories:

List of released packages

Product(s) | Fixed package version(s) | References
SUSE Linux Enterprise Server 11 SP1
  • e2fsprogs >= 1.41.9-2.1.51
  • libcom_err2 >= 1.41.9-2.1.51
  • libcom_err2-32bit >= 1.41.9-2.1.51
  • libcom_err2-x86 >= 1.41.9-2.1.51
  • libext2fs2 >= 1.41.9-2.1.51
Patchnames:
SUSE Linux Enterprise Server 11 SP1 GA e2fsprogs
SUSE Linux Enterprise Server 11 SP2
  • e2fsprogs >= 1.41.9-2.7.1
  • libcom_err2 >= 1.41.9-2.7.1
  • libcom_err2-32bit >= 1.41.9-2.7.1
  • libcom_err2-x86 >= 1.41.9-2.7.1
  • libext2fs2 >= 1.41.9-2.7.1
Patchnames:
SUSE Linux Enterprise Server 11 SP2 GA e2fsprogs
SUSE Linux Enterprise Server 11 SP3
  • e2fsprogs >= 1.41.9-2.9.1
  • libcom_err2 >= 1.41.9-2.9.1
  • libcom_err2-32bit >= 1.41.9-2.9.1
  • libcom_err2-x86 >= 1.41.9-2.9.1
  • libext2fs2 >= 1.41.9-2.9.1
Patchnames:
SUSE Linux Enterprise Server 11 SP3 GA e2fsprogs
SUSE Linux Enterprise Server 11 SP4
  • e2fsprogs >= 1.41.9-2.14.3
  • libcom_err2 >= 1.41.9-2.14.3
  • libcom_err2-32bit >= 1.41.9-2.14.3
  • libcom_err2-x86 >= 1.41.9-2.14.3
  • libext2fs2 >= 1.41.9-2.14.3
Patchnames:
SUSE Linux Enterprise Server 11 SP4 GA e2fsprogs
SUSE Linux Enterprise Software Development Kit 11 SP4
  • e2fsprogs-devel >= 1.41.9-2.14.3
  • libcom_err-devel >= 1.41.9-2.14.3
  • libcom_err-devel-32bit >= 1.41.9-2.14.3
  • libext2fs-devel >= 1.41.9-2.14.3
  • libext2fs-devel-32bit >= 1.41.9-2.14.3
  • libext2fs2-32bit >= 1.41.9-2.14.3
  • libext2fs2-x86 >= 1.41.9-2.14.3
Patchnames:
SUSE Linux Enterprise Software Development Kit 11 SP4 GA e2fsprogs-devel
SUSE LINUX 10.0
  • e2fsprogs >= 1.38-4.3
  • e2fsprogs-32bit >= 1.38-4.3
  • e2fsprogs-64bit >= 1.38-4.3
  • e2fsprogs-devel >= 1.38-4.3
  • e2fsprogs-devel-32bit >= 1.38-4.3
  • e2fsprogs-devel-64bit >= 1.38-4.3
  • libcom_err >= 1.38-4.3
  • libcom_err-32bit >= 1.38-4.3
  • libcom_err-64bit >= 1.38-4.3
SUSE LINUX 10.1
  • e2fsprogs >= 1.38-25.27
  • e2fsprogs-32bit >= 1.38-25.27
  • e2fsprogs-64bit >= 1.38-25.27
  • e2fsprogs-devel >= 1.38-25.27
  • e2fsprogs-devel-32bit >= 1.38-25.27
  • e2fsprogs-devel-64bit >= 1.38-25.27
  • libcom_err >= 1.38-25.27
  • libcom_err-32bit >= 1.38-25.27
  • libcom_err-64bit >= 1.38-25.27
SuSE Linux Desktop 1.0
  • e2fsprogs >= 1.28-146
sled10.x86
ul1.s390
core9.s390
slrs8.x86
sles9-oes.x86
sles10.s390x
ZYPP Patch Nr: 4743
SUSE LINUX Retail Solution 8
SuSE Linux Enterprise Server 8 for AMD64
SuSE Linux Enterprise Server 8 for IBM iSeries and IBM pSeries
SuSE Linux Enterprise Server 8 for IBM zSeries
SuSE Linux Enterprise Server 8 for IPF
SuSE Linux Openexchange Server 4
SuSE Linux School Server for i386
SuSE Linux Standard Server 8
UnitedLinux 1.0
  • e2fsprogs >= 1.28-146
  • e2fsprogs-devel >= 1.28-146
sled10.x86
ul1.s390
core9.s390
slrs8.x86
sles9-oes.x86
sles10.s390x
ZYPP Patch Nr: 4743
Novell Linux Desktop 9 for x86
Open Enterprise Server
  • e2fsprogs >= 1.38-4.23.2
  • e2fsprogs-devel >= 1.38-4.23.2
sled10.x86
ul1.s390
core9.s390
slrs8.x86
sles9-oes.x86
sles10.s390x
ZYPP Patch Nr: 4743
Novell Linux Desktop 9 for x86_64
  • e2fsprogs >= 1.38-4.23.2
  • e2fsprogs-32bit >= 9-200711231622
  • e2fsprogs-devel >= 1.38-4.23.2
  • e2fsprogs-devel-32bit >= 9-200711231622
sled10.x86
ul1.s390
core9.s390
slrs8.x86
sles9-oes.x86
sles10.s390x
ZYPP Patch Nr: 4743