|
|
Log in / Subscribe / Register

Mageia alert MGASA-2019-0296 (e2fsprogs)



From:
              Mageia Updates <buildsystem-daemon@mageia.org> 


To:
              updates-announce@ml.mageia.org 


Subject:
              [updates-announce] MGASA-2019-0296: Updated e2fsprogs packages fix security vulnerability 


Date:
              Thu, 17 Oct 2019 00:23:41 +0200


Message-ID:
              <20191016222341.B29A39F6FB@duvel.mageia.org>


MGASA-2019-0296 - Updated e2fsprogs packages fix security vulnerability

Publication date: 16 Oct 2019
URL: https://advisories.mageia.org/MGASA-2019-0296.html
Type: security
Affected Mageia releases: 7
CVE: CVE-2019-5094

Description:
Updated e2fsprogs packages fix security vulnerability:

Lilith of Cisco Talos discovered a buffer overflow flaw in the quota code
used by e2fsck from the ext2/ext3/ext4 file system utilities. Running
e2fsck on a malformed file system can result in the execution of arbitrary
code (CVE-2019-5094).

The e2fsprogs package has been updated to version 1.45.4, fixing this issue
and other bugs. See the upstream release notes for details.

References:
- https://bugs.mageia.org/show_bug.cgi?id=25562
- http://e2fsprogs.sourceforge.net/e2fsprogs-release.html#1...
- https://www.debian.org/security/2019/dsa-4535
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5094

SRPMS:
- 7/core/e2fsprogs-1.45.4-1.mga7
to post comments


Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds