[SECURITY] [DSA 4535-1] e2fsprogs security update

From: Salvatore Bonaccorso <carnil@debian.org>
To: bugtraq@securityfocus.com
Cc:
Subject: [SECURITY] [DSA 4535-1] e2fsprogs security update
Date:


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4535-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
September 27, 2019                    https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : e2fsprogs
CVE ID         : CVE-2019-5094
Debian Bug     : 941139

Lilith of Cisco Talos discovered a buffer overflow flaw in the quota
code used by e2fsck from the ext2/ext3/ext4 file system utilities.
Running e2fsck on a malformed file system can result in the execution of
arbitrary code.

For the oldstable distribution (stretch), this problem has been fixed
in version 1.43.4-2+deb9u1.

For the stable distribution (buster), this problem has been fixed in
version 1.44.5-1+deb10u2.

We recommend that you upgrade your e2fsprogs packages.

For the detailed security status of e2fsprogs please refer to its
security tracker page at:
https://security-tracker.debian.org/tracker/e2fsprogs

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAl2Of/xfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND
z0Q6Zg/9GWawqZcu65yl5zr0+vs8RSWB5193eMW/EmzjPEqij9iuy3j+uPWiVwy3
W8e0+87IZgY9cQUsilqsXVEelyx+Kg2uvMRiQET47WGGeWAxL5Hy2ntYTfgMKZ0z
OA3h8I0Dep1ex6WbOYrhrNYYbRQhz2+LMScL2Z1oNiK2+kCnFwZ8T7c8ZYczXpHz
FIP1rtKn0z0rLhncpcsmNmLIlOCnk7htGb5Zq0wfjkqNQICTL/fUAQYPHbT8i27K
sTyZTRA72URw7iYbbjFW86Lv/ly34ss3OT0Skoz/EDTihAF3MZfIyFNeYYyTST4L
yt4XSvNEyfKriLZuiB4KGr5ImgRU7RHo92aLfo4WTsnW4DzvXqaxVl19lMBBLh4/
JUYEweJLorf6KQ+Umbke11evr4d9ayKj5tyPtWfGQ4ts5auOGzx7qkyzGHvd9816
y8duWITrc4ANguGx3wX2dtWR1AFuEGyGhsvMMYOILwkef3sfIBILLLVkFvA/1w/H
Vo8LLRGGRMMcEgezmWKKFym0k309D3ldnn9u3ES87ANQU0wGE6Z3K3QzkfscAKzS
Sq18f6oo+GoETQBuWEDTpE8gM5jX6uEBcf1I/g8cJamaHdz3rjuYQPjzwRkiz3xn
j4qFI+sENriVCx2XK/99FiRJfrhaNkgWG8eR0mKnXHKnJ0KZxiQ=
=RTeU
-----END PGP SIGNATURE-----





Copyright © 1995-2019 LinuxRocket.net. All rights reserved.