xfsprogs: xfs_metadump information disclosure

Bug #1489066 reported by Daniel Bast
Affects              Status         Importance   Assigned to   Milestone
xfsprogs (Ubuntu)    Fix Released   Low          Unassigned
Precise              Won't Fix      Low          Unassigned
Trusty               Triaged        Low          Unassigned
Vivid                Triaged        Low          Unassigned
Wily                 Triaged        Low          Unassigned

Bug Description

Please see http://seclists.org/oss-sec/2015/q3/181 for details.

Fixed upstream in version 3.2.4, see http://oss.sgi.com/pipermail/xfs/2015-July/042726.html

Also fixed by that version in Debian, see https://security-tracker.debian.org/tracker/CVE-2012-2150

Cheers,

Daniel

CVE References

information type: Private Security → Public Security
Tyler Hicks (tyhicks) wrote :

Hi Daniel - Thanks for the bug report. We are aware of this issue and have triaged it in our CVE tracker:

  http://people.canonical.com/~ubuntu-security/cve/2012/CVE-2012-2150.html

We consider it to be low priority and will update xfsprogs in our stable releases once a higher priority issue is found.

Changed in xfsprogs (Ubuntu):
importance: Undecided → Low
status: New → Triaged
Colin Watson (cjwatson)
Changed in xfsprogs (Ubuntu Precise):
status: New → Triaged
importance: Undecided → Low
Changed in xfsprogs (Ubuntu Trusty):
status: New → Triaged
importance: Undecided → Low
Changed in xfsprogs (Ubuntu Vivid):
status: New → Triaged
importance: Undecided → Low
Changed in xfsprogs (Ubuntu Wily):
status: New → Triaged
importance: Undecided → Low
Colin Watson (cjwatson) wrote :

This bug was fixed in the package xfsprogs - 4.2.0

---------------
xfsprogs (4.2.0) unstable; urgency=low

  * New upstream release

 -- Nathan Scott <email address hidden> Mon, 07 Sep 2015 10:13:54 +1000

xfsprogs (3.2.4) unstable; urgency=low

  * New upstream release
  * Fix xfs_metadump information leak (CVE-2012-2150)

 -- Nathan Scott <email address hidden> Wed, 29 Jul 2015 15:31:27 +1000

xfsprogs (3.2.3) unstable; urgency=low

  * New upstream release

 -- Nathan Scott <email address hidden> Mon, 01 Jun 2015 11:35:02 +1000

xfsprogs (3.2.2) unstable; urgency=low

  * New upstream release
  * Rework dh-autoreconf invocation (closes: #757455)
  * Update licensing words for headers (closes: #751511)

 -- Nathan Scott <email address hidden> Mon, 10 Nov 2014 20:35:27 +1100

Changed in xfsprogs (Ubuntu):
status: Triaged → Fix Released
Steve Langasek (vorlon) wrote :

The Precise Pangolin has reached end of life, so this bug will not be fixed for that release.

Changed in xfsprogs (Ubuntu Precise):
status: Triaged → Won't Fix