Updated e2fsprogs packages fix security vulnerability
Publication date: 16 Oct 2019Modification date: 16 Oct 2019
Type: security
Affected Mageia releases : 7
CVE: CVE-2019-5094
Description
Updated e2fsprogs packages fix security vulnerability: Lilith of Cisco Talos discovered a buffer overflow flaw in the quota code used by e2fsck from the ext2/ext3/ext4 file system utilities. Running e2fsck on a malformed file system can result in the execution of arbitrary code (CVE-2019-5094). The e2fsprogs package has been updated to version 1.45.4, fixing this issue and other bugs. See the upstream release notes for details.
References
SRPMS
7/core
- e2fsprogs-1.45.4-1.mga7