Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found -5 articles for you...
200
security advisorybug fixlow severityScientific Linux 7: SLSA-2015:2151-1 Low: xfsprogs Security Fix
Low: xfsprogs security, bug fix and enhancement update. Date: Mon, 21 Dec 2015 23:12:38 +0000 Reply-To: scientific-linux-users@ Sender: Security Errata for Scientific Linux From: Pat Riehecky Subject: Security ERRATA Low: xfsprogs on SL7.x x86_64 MIME-Version: 1.0 Message-ID: Synopsis: Low: xfsprogs security, bug fix and enhancement update Advisory ID: SLSA-2015:2151-1 Issue Date: 2015-11-19 CVE Numbers: CVE-2012-2150 -- It was discovered that the xfs_metadump tool of the xfsprogs suite did not fully adhere to the standards of obfuscation described in its man page. In case a user with the necessary privileges used xfs_metadump and relied on the advertised obfuscation, the generated data could contain unexpected traces of potentially sensitive information. (CVE-2012-2150) The xfsprogs packages have been upgraded to upstream version 3.2.2, which provides a number of bug fixes and enhancements over the previous version. This release also includes updates present in upstream version 3.2.3, although it omits the mkfs.xfs default disk format change (for metadata checksumming) which is present upstream. -- SL7 x86_64 xfsprogs-3.2.2-2.el7.i686.rpm xfsprogs-3.2.2-2.el7.x86_64.rpm xfsprogs-debuginfo-3.2.2-2.el7.i686.rpm xfsprogs-debuginfo-3.2.2-2.el7.x86_64.rpm xfsprogs-devel-3.2.2-2.el7.i686.rpm xfsprogs-devel-3.2.2-2.el7.x86_64.rpm xfsprogs-qa-devel-3.2.2-2.el7.i686.rpm xfsprogs-qa-devel-3.2.2-2.el7.x86_64.rpm - Scientific Linux Development Team . Minor security advisory released for Scientific Linux xfsprogs, addressing vulnerabilities to improve encryption protocols.. Scientific Linux Update,xfsprogs Security,xfsprogs Enhancement,Security Advisory. . Severity: Low. LinuxSecurity.com Team
Dec 21, 2015
•Low
Scientific Linux
89
security advisoryupdateFedoraFedora 21: xfsprogs Security Update - CVE-2012-2150 Information Disclosure
Gabriel Vlasiu reported that xfs_metadump, part of the xfsprogs suite of tools for the XFS filesystem, did not properly obfuscate data. xfs_metadump properly obfuscates active metadata, but the rest of the space within that fs block comes through in the clear. This could lead to exposure of stale disk data via the produced metadump image. The expectation of xfs_metadump is to obfuscate all but the [More...]. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2015-12406 2015-07-31 05:36:40 -------------------------------------------------------------------------------- Name : xfsprogs Product : Fedora 21 Version : 3.2.2 Release : 2.fc21 URL : Summary : Utilities for managing the XFS filesystem Description : A set of commands to use the XFS filesystem, including mkfs.xfs. XFS is a high performance journaling filesystem which originated on the SGI IRIX platform. It is completely multi-threaded, can support large files and large filesystems, extended attributes, variable block sizes, is extent based, and makes extensive use of Btrees (directories, extents, free space) to aid both performance and scalability. Refer to the documentation at for complete details. This implementation is on-disk compatible with the IRIX version of XFS. -------------------------------------------------------------------------------- Update Information: Gabriel Vlasiu reported that xfs_metadump, part of the xfsprogs suite of tools for the XFS filesystem, did not properly obfuscate data. xfs_metadump properly obfuscates active metadata, but the rest of the space within that fs block comes through in the clear. This could lead to exposure of stale disk data via the produced metadump image. The expectation of xfs_metadump is to obfuscate all but the shortest names in the metadata, as noted in the manpage: By default, xfs_metadump obfuscates most file (regular file, directory and symbolic link) names and extended attribute names to allow the dumps to be sent without revealing confidential information. Extended attribute values are zeroed and no data is copied. The only exceptions are file or attribute names that are 4 or less characters in length. Also file names that span extents (this can only occur with the mkfs.xfs(8) options where -n size > -b size) are not obfuscated. Names between 5 and 8 characters in length inclusively are partially obfuscated. While the xfs_metadump tool can be run by unprivileged users, it requires appropriate permissions to access block devices (such as root) where the sensitive data might be dumped. An unprivileged user, without access to the block device, could not use this flaw to obtain sensitive data they would not otherwise have permission to access. -------------------------------------------------------------------------------- ChangeLog: * Thu Jul 30 2015 Eric Sandeen 3.2.2-2 - Fix CVE-2012-2150 * Thu Dec 4 2014 Eric Sandeen 3.2.2-1 - New upstream release -------------------------------------------------------------------------------- References: [ 1 ] Bug #817696 - CVE-2012-2150 xfsprogs: xfs_metadump information disclosure flaw https://bugzilla.redhat.com/show_bug.cgi?id=817696 -------------------------------------------------------------------------------- This update can be installed with the "yum" update program. Use su -c 'yum update xfsprogs' at the command line. For more information, refer to "Managing Software with yum", available at . All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list
Aug 19, 2015
•Important
Fedora
89
security advisoryfedorasoftware updateFedora: FEDORA-2016-45678 Important: xfsprogs Security Flaw
Gabriel Vlasiu reported that xfs_metadump, part of the xfsprogs suite of tools for the XFS filesystem, did not properly obfuscate data. xfs_metadump properly obfuscates active metadata, but the rest of the space within that fs block comes through in the clear. This could lead to exposure of stale disk data via the produced metadump image. The expectation of xfs_metadump is to obfuscate all but the [More...]. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2015-12380 2015-07-30 17:17:03 -------------------------------------------------------------------------------- Name : xfsprogs Product : Fedora 23 Version : 3.2.4 Release : 1.fc23 URL : Summary : Utilities for managing the XFS filesystem Description : A set of commands to use the XFS filesystem, including mkfs.xfs. XFS is a high performance journaling filesystem which originated on the SGI IRIX platform. It is completely multi-threaded, can support large files and large filesystems, extended attributes, variable block sizes, is extent based, and makes extensive use of Btrees (directories, extents, free space) to aid both performance and scalability. Refer to the documentation at for complete details. This implementation is on-disk compatible with the IRIX version of XFS. -------------------------------------------------------------------------------- Update Information: Gabriel Vlasiu reported that xfs_metadump, part of the xfsprogs suite of tools for the XFS filesystem, did not properly obfuscate data. xfs_metadump properly obfuscates active metadata, but the rest of the space within that fs block comes through in the clear. This could lead to exposure of stale disk data via the produced metadump image. The expectation of xfs_metadump is to obfuscate all but the shortest names in the metadata, as noted in the manpage: By default, xfs_metadump obfuscates most file (regular file, directory and symbolic link) names and extended attribute names to allow the dumps to be sent without revealing confidential information. Extended attribute values are zeroed and no data is copied. The only exceptions are file or attribute names that are 4 or less characters in length. Also file names that span extents (this can only occur with the mkfs.xfs(8) options where -n size > -b size) are not obfuscated. Names between 5 and 8 characters in length inclusively are partially obfuscated. While the xfs_metadump tool can be run by unprivileged users, it requires appropriate permissions to access block devices (such as root) where the sensitive data might be dumped. An unprivileged user, without access to the block device, could not use this flaw to obtain sensitive data they would not otherwise have permission to access. -------------------------------------------------------------------------------- References: [ 1 ] Bug #817696 - CVE-2012-2150 xfsprogs: xfs_metadump information disclosure flaw https://bugzilla.redhat.com/show_bug.cgi?id=817696 -------------------------------------------------------------------------------- This update can be installed with the "yum" update program. Use su -c 'yum update xfsprogs' at the command line. For more information, refer to "Managing Software with yum", available at . All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list
Aug 19, 2015
•Important
Fedora
89
security advisoryFedorainformation disclosureFedora 22: xfsprogs Update Critical: xfs_metadump Data Exposure
Gabriel Vlasiu reported that xfs_metadump, part of the xfsprogs suite of tools for the XFS filesystem, did not properly obfuscate data. xfs_metadump properly obfuscates active metadata, but the rest of the space within that fs block comes through in the clear. This could lead to exposure of stale disk data via the produced metadump image. The expectation of xfs_metadump is to obfuscate all but the [More...]. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2015-12435 2015-07-31 05:37:47 -------------------------------------------------------------------------------- Name : xfsprogs Product : Fedora 22 Version : 3.2.2 Release : 2.fc22 URL : Summary : Utilities for managing the XFS filesystem Description : A set of commands to use the XFS filesystem, including mkfs.xfs. XFS is a high performance journaling filesystem which originated on the SGI IRIX platform. It is completely multi-threaded, can support large files and large filesystems, extended attributes, variable block sizes, is extent based, and makes extensive use of Btrees (directories, extents, free space) to aid both performance and scalability. Refer to the documentation at for complete details. This implementation is on-disk compatible with the IRIX version of XFS. -------------------------------------------------------------------------------- Update Information: Gabriel Vlasiu reported that xfs_metadump, part of the xfsprogs suite of tools for the XFS filesystem, did not properly obfuscate data. xfs_metadump properly obfuscates active metadata, but the rest of the space within that fs block comes through in the clear. This could lead to exposure of stale disk data via the produced metadump image. The expectation of xfs_metadump is to obfuscate all but the shortest names in the metadata, as noted in the manpage: By default, xfs_metadump obfuscates most file (regular file, directory and symbolic link) names and extended attribute names to allow the dumps to be sent without revealing confidential information. Extended attribute values are zeroed and no data is copied. The only exceptions are file or attribute names that are 4 or less characters in length. Also file names that span extents (this can only occur with the mkfs.xfs(8) options where -n size > -b size) are not obfuscated. Names between 5 and 8 characters in length inclusively are partially obfuscated. While the xfs_metadump tool can be run by unprivileged users, it requires appropriate permissions to access block devices (such as root) where the sensitive data might be dumped. An unprivileged user, without access to the block device, could not use this flaw to obtain sensitive data they would not otherwise have permission to access. -------------------------------------------------------------------------------- ChangeLog: * Thu Jul 30 2015 Eric Sandeen 3.2.2-2 - Fix CVE-2012-2051 -------------------------------------------------------------------------------- References: [ 1 ] Bug #817696 - CVE-2012-2150 xfsprogs: xfs_metadump information disclosure flaw https://bugzilla.redhat.com/show_bug.cgi?id=817696 -------------------------------------------------------------------------------- This update can be installed with the "yum" update program. Use su -c 'yum update xfsprogs' at the command line. For more information, refer to "Managing Software with yum", available at . All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list
Aug 12, 2015
•Critical
Fedora
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!