MGASA-2016-0184

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2016-0184.html

Import Source

https://advisories.mageia.org/MGASA-2016-0184.json

JSON Data

https://api.osv.dev/v1/vulns/MGASA-2016-0184

Related

Published

2016-05-18T20:14:22Z

Modified

2016-05-18T20:07:46Z

Summary

Updated dosfstools packages fix security vulnerabilities

Details

Updated dosfstools package fixes security vulnerabilities:

In dosfstools before 4.0, if the third to last entry was written on a FAT12 filesystem with an odd number of clusters, the second to last entry would be corrupted. This corruption may also lead to invalid memory accesses when the corrupted entry becomes out of bounds and is used later (CVE-2015-8872).

In dosfstools before 4.0, the variable used for storing the FAT size (in bytes) was an unsigned int. Since the size in sectors read from the BPB was not sufficiently checked, this could end up being zero after multiplying it with the sector size while some offsets still stayed excessive. Ultimately it would cause segfaults when accessing FAT entries for which no memory was allocated (CVE-2016-4804).

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:5 / dosfstools

Package

Name: dosfstools
Purl: pkg:rpm/mageia/dosfstools?distro=mageia-5

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.0.27-1.1.mga5

Ecosystem specific

{
    "section": "core"
}