Bugzilla – Bug 980377
VUL-1: CVE-2016-4804: dosfstools: Heap-buffer-overflows in read_fat() and get_fat() functions
Last modified: 2020-07-27 18:16:26 UTC
rh#1336745 Multiple vulnerabilities were found in dosfstools. The variable used for storing the FAT size (in bytes) was an unsignedint. Since the size in sectors read from the BPB was not sufficiently checked, this could end up being zero after multiplying it with the sector size while some offsets still stayed excessive. Ultimately it would cause segfaults when accessing FAT entries for which no memory was allocated. External references: https://github.com/dosfstools/dosfstools/issues/25 https://github.com/dosfstools/dosfstools/issues/26 https://blog.fuzzing-project.org/44-dosfstools-fsck.vfat-Several-invalid-memory-accesses.html Upstream fix: https://github.com/dosfstools/dosfstools/commit/e8eff147e9da1185f9afd5b25948153a3b97cf52 References: https://bugzilla.redhat.com/show_bug.cgi?id=1336745 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4804 http://seclists.org/oss-sec/2016/q2/343
bugbot adjusting priority
SRs sent for SLE12, SLE11-SP4 and SLE11-SP2 also for 13.2 and Leap 42.1. Factory has version 4.0 which is not affected. waiting for instructions for SLE11 and SLE10-SP3
This is an autogenerated message for OBS integration: This bug (980377) was mentioned in https://build.opensuse.org/request/show/397723 13.2+42.1 / dosfstools
openSUSE-SU-2016:1461-1: An update that solves two vulnerabilities and has one errata is now available. Category: security (moderate) Bug References: 912607,980364,980377 CVE References: CVE-2015-8872,CVE-2016-4804 Sources used: openSUSE Leap 42.1 (src): dosfstools-3.0.26-6.1 openSUSE 13.2 (src): dosfstools-3.0.26-3.8.1
SUSE-SU-2016:2145-1: An update that solves two vulnerabilities and has one errata is now available. Category: security (moderate) Bug References: 912607,980364,980377 CVE References: CVE-2015-8872,CVE-2016-4804 Sources used: SUSE Linux Enterprise Server 12-SP1 (src): dosfstools-3.0.26-6.5 SUSE Linux Enterprise Desktop 12-SP1 (src): dosfstools-3.0.26-6.5
SUSE-SU-2016:2146-1: An update that fixes two vulnerabilities is now available. Category: security (moderate) Bug References: 980364,980377 CVE References: CVE-2015-8872,CVE-2016-4804 Sources used: SUSE Linux Enterprise Server 11-SP4 (src): dosfstools-3.0.26-3.1 SUSE Linux Enterprise Debuginfo 11-SP4 (src): dosfstools-3.0.26-3.1
An update workflow for this issue was started. This issue was rated as moderate. Please submit fixed packages until 2016-09-15. When done, reassign the bug to security-team@suse.de. https://swamp.suse.de/webswamp/wf/63012
openSUSE-SU-2016:2233-1: An update that solves two vulnerabilities and has one errata is now available. Category: security (moderate) Bug References: 912607,980364,980377 CVE References: CVE-2015-8872,CVE-2016-4804 Sources used: openSUSE Leap 42.1 (src): dosfstools-3.0.26-9.1
released