Red Hat Security Advisory 2022-7720-01 - The e2fsprogs packages provide a number of utilities for creating, checking, modifying, and correcting the ext2, ext3, and ext4 file systems. Issues addressed include an out of bounds read vulnerability.
c615860decaedb9ba87159886ae17cfca08cf989a2b31a65c7cc4e04db1e8306
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Moderate: e2fsprogs security and bug fix update
Advisory ID: RHSA-2022:7720-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2022:7720
Issue date: 2022-11-08
CVE Names: CVE-2022-1304
====================================================================
1. Summary:
An update for e2fsprogs is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat CodeReady Linux Builder (v. 8) - aarch64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux BaseOS (v. 8) - aarch64, ppc64le, s390x, x86_64
3. Description:
The e2fsprogs packages provide a number of utilities for creating,
checking, modifying, and correcting the ext2, ext3, and ext4 file systems.
Security Fix(es):
* e2fsprogs: out-of-bounds read/write via crafted filesystem
(CVE-2022-1304)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat
Enterprise Linux 8.7 Release Notes linked from the References section.
4. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
5. Bugs fixed (https://bugzilla.redhat.com/):
2069726 - CVE-2022-1304 e2fsprogs: out-of-bounds read/write via crafted filesystem
2083621 - e2fsprogs: Update for RHEL8.7
6. Package List:
Red Hat Enterprise Linux BaseOS (v. 8):
Source:
e2fsprogs-1.45.6-5.el8.src.rpm
aarch64:
e2fsprogs-1.45.6-5.el8.aarch64.rpm
e2fsprogs-debuginfo-1.45.6-5.el8.aarch64.rpm
e2fsprogs-debugsource-1.45.6-5.el8.aarch64.rpm
e2fsprogs-devel-1.45.6-5.el8.aarch64.rpm
e2fsprogs-libs-1.45.6-5.el8.aarch64.rpm
e2fsprogs-libs-debuginfo-1.45.6-5.el8.aarch64.rpm
libcom_err-1.45.6-5.el8.aarch64.rpm
libcom_err-debuginfo-1.45.6-5.el8.aarch64.rpm
libcom_err-devel-1.45.6-5.el8.aarch64.rpm
libss-1.45.6-5.el8.aarch64.rpm
libss-debuginfo-1.45.6-5.el8.aarch64.rpm
ppc64le:
e2fsprogs-1.45.6-5.el8.ppc64le.rpm
e2fsprogs-debuginfo-1.45.6-5.el8.ppc64le.rpm
e2fsprogs-debugsource-1.45.6-5.el8.ppc64le.rpm
e2fsprogs-devel-1.45.6-5.el8.ppc64le.rpm
e2fsprogs-libs-1.45.6-5.el8.ppc64le.rpm
e2fsprogs-libs-debuginfo-1.45.6-5.el8.ppc64le.rpm
libcom_err-1.45.6-5.el8.ppc64le.rpm
libcom_err-debuginfo-1.45.6-5.el8.ppc64le.rpm
libcom_err-devel-1.45.6-5.el8.ppc64le.rpm
libss-1.45.6-5.el8.ppc64le.rpm
libss-debuginfo-1.45.6-5.el8.ppc64le.rpm
s390x:
e2fsprogs-1.45.6-5.el8.s390x.rpm
e2fsprogs-debuginfo-1.45.6-5.el8.s390x.rpm
e2fsprogs-debugsource-1.45.6-5.el8.s390x.rpm
e2fsprogs-devel-1.45.6-5.el8.s390x.rpm
e2fsprogs-libs-1.45.6-5.el8.s390x.rpm
e2fsprogs-libs-debuginfo-1.45.6-5.el8.s390x.rpm
libcom_err-1.45.6-5.el8.s390x.rpm
libcom_err-debuginfo-1.45.6-5.el8.s390x.rpm
libcom_err-devel-1.45.6-5.el8.s390x.rpm
libss-1.45.6-5.el8.s390x.rpm
libss-debuginfo-1.45.6-5.el8.s390x.rpm
x86_64:
e2fsprogs-1.45.6-5.el8.x86_64.rpm
e2fsprogs-debuginfo-1.45.6-5.el8.i686.rpm
e2fsprogs-debuginfo-1.45.6-5.el8.x86_64.rpm
e2fsprogs-debugsource-1.45.6-5.el8.i686.rpm
e2fsprogs-debugsource-1.45.6-5.el8.x86_64.rpm
e2fsprogs-devel-1.45.6-5.el8.i686.rpm
e2fsprogs-devel-1.45.6-5.el8.x86_64.rpm
e2fsprogs-libs-1.45.6-5.el8.i686.rpm
e2fsprogs-libs-1.45.6-5.el8.x86_64.rpm
e2fsprogs-libs-debuginfo-1.45.6-5.el8.i686.rpm
e2fsprogs-libs-debuginfo-1.45.6-5.el8.x86_64.rpm
libcom_err-1.45.6-5.el8.i686.rpm
libcom_err-1.45.6-5.el8.x86_64.rpm
libcom_err-debuginfo-1.45.6-5.el8.i686.rpm
libcom_err-debuginfo-1.45.6-5.el8.x86_64.rpm
libcom_err-devel-1.45.6-5.el8.i686.rpm
libcom_err-devel-1.45.6-5.el8.x86_64.rpm
libss-1.45.6-5.el8.i686.rpm
libss-1.45.6-5.el8.x86_64.rpm
libss-debuginfo-1.45.6-5.el8.i686.rpm
libss-debuginfo-1.45.6-5.el8.x86_64.rpm
Red Hat CodeReady Linux Builder (v. 8):
aarch64:
e2fsprogs-debuginfo-1.45.6-5.el8.aarch64.rpm
e2fsprogs-debugsource-1.45.6-5.el8.aarch64.rpm
e2fsprogs-libs-debuginfo-1.45.6-5.el8.aarch64.rpm
libcom_err-debuginfo-1.45.6-5.el8.aarch64.rpm
libss-debuginfo-1.45.6-5.el8.aarch64.rpm
libss-devel-1.45.6-5.el8.aarch64.rpm
ppc64le:
e2fsprogs-debuginfo-1.45.6-5.el8.ppc64le.rpm
e2fsprogs-debugsource-1.45.6-5.el8.ppc64le.rpm
e2fsprogs-libs-debuginfo-1.45.6-5.el8.ppc64le.rpm
libcom_err-debuginfo-1.45.6-5.el8.ppc64le.rpm
libss-debuginfo-1.45.6-5.el8.ppc64le.rpm
libss-devel-1.45.6-5.el8.ppc64le.rpm
s390x:
e2fsprogs-debuginfo-1.45.6-5.el8.s390x.rpm
e2fsprogs-debugsource-1.45.6-5.el8.s390x.rpm
e2fsprogs-libs-debuginfo-1.45.6-5.el8.s390x.rpm
libcom_err-debuginfo-1.45.6-5.el8.s390x.rpm
libss-debuginfo-1.45.6-5.el8.s390x.rpm
libss-devel-1.45.6-5.el8.s390x.rpm
x86_64:
e2fsprogs-debuginfo-1.45.6-5.el8.i686.rpm
e2fsprogs-debuginfo-1.45.6-5.el8.x86_64.rpm
e2fsprogs-debugsource-1.45.6-5.el8.i686.rpm
e2fsprogs-debugsource-1.45.6-5.el8.x86_64.rpm
e2fsprogs-libs-debuginfo-1.45.6-5.el8.i686.rpm
e2fsprogs-libs-debuginfo-1.45.6-5.el8.x86_64.rpm
libcom_err-debuginfo-1.45.6-5.el8.i686.rpm
libcom_err-debuginfo-1.45.6-5.el8.x86_64.rpm
libss-debuginfo-1.45.6-5.el8.i686.rpm
libss-debuginfo-1.45.6-5.el8.x86_64.rpm
libss-devel-1.45.6-5.el8.i686.rpm
libss-devel-1.45.6-5.el8.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2022-1304
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.7_release_notes/index
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2022 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIVAwUBY2pR0NzjgjWX9erEAQhITRAAnFoWBpSbcI2BzXr/x3+LnUzzJyis1MyZ
riZGIfQBlqO0c67WDLJjSZp0BVu9o+u0yv4nlrohif2s+zntt7vrOg5TkFXkVWY3
i2ZlcGs9u0hEwBlO6QlSB8Tkk0ky61MgLqjVetcT/y2GAmnooRYUnqs5E+b8elt8
f9nBJRmQRciRCOYegJPiOxpq9rtKQkFxU4c0M5x42B4aDqmfd2iGuBcMZDcBHKNe
q2mTgZ7al0VqHT+rDjKddyzyF4e/r70wiDAhYs3DDKiH0ievDtEm4edgWXcxuXrO
p6wxrSZi5eqK4jE86QJ+DC+wzTyrY5b8JWI6DC4atJk8PfhxRhHAXPTa8LPTMvVm
N9Vcxx3wbHqrbyAYhkXtyyIWLJNhv79KEYhGLY33blxL2Vb/GcMQs5fiYdVF1PNT
aH1NikPBlEjcpSMdKyaVN6wWJYAAJEmGqU4bh9zisJ5czIJQWQH9/clS3i7njBZT
ZZnRy9grj0kNdVgnCTcBkXXPT7Rp/geHGNV9FPJa3Gppj6bAdMEpJQItGebBMZ6X
mmWDV8eqwjQkTKD/BU+x9J93WIWrEIBk21hqYofiNXjnoqL6ktiGhJaViq3b1nTq
JmxWdlTOqd7O5kAuU7mDxSxa52cTr7Jv2PcqhMNcCxyWgR/wQiE7SG7zYVyF1FBq
V9IPXHt4rKc=htvR
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://listman.redhat.com/mailman/listinfo/rhsa-announce