[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 1935-1] e2fsprogs security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : e2fsprogs
Version        : 1.42.12-2+deb8u1
CVE ID         : CVE-2019-5094


Lilith of Cisco Talos discovered a buffer overflow flaw in the quota
code used by e2fsck from the ext2/ext3/ext4 file system utilities.
Running e2fsck on a malformed file system can result in the execution of
arbitrary code.


For Debian 8 "Jessie", this problem has been fixed in version
1.42.12-2+deb8u1.

We recommend that you upgrade your e2fsprogs packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAl2PK7JfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy
MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcACgkQlvysDTh7
WEdjoRAAjZzx8443gvB4G3K1C0vxSNiSBUqNTInW8Qa/kuRzB7H/YzKQOSgTO3Km
vYlyu4DH8q2cht8LJLjbsoeOH02RMKum2/Ju1HO20EUl7dXQHnSwdjq29gTNfFxN
ienzYanm3+1Fy9JKBet9HxUqZs1xR2hucSR+U8qmpvVxGdloK0V52qh0IPmW2to8
Vi/xTe4lctHneVfWsPgnx8o10INmczub+JLGjxLT0dpUr271lP7Xs4sAyKgbkukX
3+hVsdoGrqA15+hK+OJZ5N6B3fXo4b3tG5b+Z7NnW9JFyfEGrfz6e+/KsBFORFeY
UzOWdbmKgJhGN1ezNg5xYy4k3s4FJdrX9VBldfWCDBwVpK074h/1Fo6gcm1NlmCR
lSk62YMMAzxiaD0YbfuRftBeHCmdXyDxduo0+SfKKIahpJu+Q+YPQNzu2Y+EKV3H
IGGuaCW8S5ZDkjIPJZwN7XLUVLMsMV8pteXwRbXjPzblsQS2yZkb/I6YogHkw5XJ
1KivIPci8DBZRTLt4ti3BdJ8Got2CgtsGatV5z9FHUTr4xFdoyRFWJbc9wL3k5IF
aNL0gRzwkpy8xZHXq0EfgWydlZ9h/Rx3MQSFYz0VrdPX5LkhP84hmUhbjEavOiQ1
oCZ/Y9b8H9/DDCQ2FiVGn1ISKCBdpOlannLVBK9p6CZEISlONUo=
=wu9B
-----END PGP SIGNATURE-----


Reply to: