Mandriva Update For E2fsprogs MDKSA-2007:242 (e2fsprogs) Network Vulnerability

Solution

Please Install the Updated Packages.

Insight

Rafal Wojtczuk of McAfee AVERT Research found that e2fsprogs contained multiple integer overflows in memory allocations, based on sizes taken directly from filesystem information. These flaws could result in heap-based overflows potentially allowing for the execution of arbitrary code. The updated packages have been patched to correct these issues.

Affected

e2fsprogs on Mandriva Linux 2007.0, Mandriva Linux 2007.0/X86_64, Mandriva Linux 2007.1, Mandriva Linux 2007.1/X86_64, Mandriva Linux 2008.0, Mandriva Linux 2008.0/X86_64

Severity

Classification

CVE CVE-2007-5497
CVSS Base Score: 5.8
AV:N/AC:M/Au:N/C:P/I:P/A:N

Related Vulnerabilities

Mandrake Security Advisory MDVSA-2009:042 (samba)
Mandrake Security Advisory MDVSA-2009:051 (libpng)
Mandrake Security Advisory MDVSA-2009:192 (phpmyadmin)
Mandrake Security Advisory MDVSA-2009:133 (irssi)
Mandrake Security Advisory MDVSA-2009:174 (perl-Compress-Raw-Zlib)

Mandriva Update for e2fsprogs MDKSA-2007:242 (e2fsprogs)

Take action and discover your vulnerabilities