Updated e2fsprogs packages that fix several security issues are now
available for Red Hat Enterprise Linux.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

The e2fsprogs packages contain a number of utilities for creating,
checking, modifying, and correcting any inconsistencies in second and third
extended (ext2/ext3) file systems.

Multiple integer overflow flaws were found in the way e2fsprogs processes
file system content. If a victim opens a carefully crafted file system with
a program using e2fsprogs, it may be possible to execute arbitrary code
with the permissions of the victim. It may be possible to leverage this
flaw in a virtualized environment to gain access to other virtualized

Red Hat would like to thank Rafal Wojtczuk of McAfee Avert Research for
responsibly disclosing these issues.

Users of e2fsprogs are advised to upgrade to these updated packages, which
contain a backported patch to resolve these issues.