[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 2290-1] e2fsprogs security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-2290-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                    Thorsten Alteholz
July 26, 2020                                 https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : e2fsprogs
Version        : 1.43.4-2+deb9u2
CVE ID         : CVE-2019-5188


An issue has been found in e2fsprogs, a package that contains ext2/ext3/ext4 file system utilities. A specially crafted ext4 directory can cause an out-of-bounds write on the stack, resulting in code execution. An attacker can corrupt a partition to trigger this vulnerability.


For Debian 9 stretch, this problem has been fixed in version
1.43.4-2+deb9u2.

We recommend that you upgrade your e2fsprogs packages.

For the detailed security status of e2fsprogs please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/e2fsprogs

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAl8dnxFfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy
MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcACgkQlvysDTh7
WEeaJQ//UFW3U38IbxAn6bw/7CqYhr+IhbYG9FVQjTO68jRi2afAEgg+4c83NJAs
DSxM0VKd0rlhbSmkEx2XkotRTjt97H1N56NeluIZPF0XqmG0gGqUdNu5o1AwYm+n
STzO3bchoEKk+A8LxZrsh87VZ9YjIrXCZHhkjtTQcU/pBFCxhfZ26MSTgVamlmwv
KF/caZ++qyCrXEh89sCzazkcO+jYAJFhpsQj70VB6cldASExZ0ufAt8PSd59NIf2
ACznb7S2xd9NZB7ot3me3Jll2mXmNJom9PkraEU7W9TAUJCHrMcggnRGfcPUMbjD
rdOvQvOA+UVUo/oCiLqtIxZ4oR0dLwZhPdzX7ETYa+YYFnEfRCtqqRD3Bsyw4sM1
osZ9DRAxSzfffc6UMp0bf47HhUCV04ztINfdq3S1+uHixn0nhMIcpkiXDIvNuDEi
rFP2J3blba0Jy81EokFdYf6+OB690icgibJHqfM2z49oJ/jV6zVw3gY7RIePpeEv
IwIAv1Bw/HOWGXpepsFZVQ2WjHe+KQTqM0zTi3CVUTOte5ghd0x0dZ2y17qCN+6L
n0v7HyL3XqUn4qJGX74W+BX3kZ2B0D1CJChW1VG0C5NkxGtZuiHQp7JXhr2vi6Om
OrAi4tIADHa1oPZPZfr657/N8E753VMsNxf1NwgphnbyHf2f0hs=
=FvUM
-----END PGP SIGNATURE-----


Reply to: