Mageia Advisory: MGASA-2019-0296 - Updated e2fsprogs packages fix security vulnerability

Updated e2fsprogs packages fix security vulnerability

Publication date: 16 Oct 2019
Modification date: 16 Oct 2019
Type: security
Affected Mageia releases : 7
CVE: CVE-2019-5094

Description

Updated e2fsprogs packages fix security vulnerability:

Lilith of Cisco Talos discovered a buffer overflow flaw in the quota code
used by e2fsck from the ext2/ext3/ext4 file system utilities. Running
e2fsck on a malformed file system can result in the execution of arbitrary
code (CVE-2019-5094).

The e2fsprogs package has been updated to version 1.45.4, fixing this issue
and other bugs. See the upstream release notes for details.

References

https://bugs.mageia.org/show_bug.cgi?id=25562
http://e2fsprogs.sourceforge.net/e2fsprogs-release.html#1.45.4
https://www.debian.org/security/2019/dsa-4535
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5094

SRPMS

7/core

e2fsprogs-1.45.4-1.mga7

Advisories » MGASA-2019-0296

Updated e2fsprogs packages fix security vulnerability

Description

References

SRPMS

7/core