[SECURITY] [DLA 2290-1] e2fsprogs security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 2290-1] e2fsprogs security update
From: Thorsten Alteholz <debian@alteholz.de>
Date: Sun, 26 Jul 2020 17:19:45 +0200 (CEST)
Message-id: <[🔎] alpine.DEB.2.20.2007261716160.16604@jupiter.server.alteholz.me>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-2290-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                    Thorsten Alteholz
July 26, 2020                                 https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : e2fsprogs
Version        : 1.43.4-2+deb9u2
CVE ID         : CVE-2019-5188

An issue has been found in e2fsprogs, a package that containsext2/ext3/ext4 file system utilities. A specially crafted ext4 directorycan cause an out-of-bounds write on the stack, resulting in codeexecution. An attacker can corrupt a partition to trigger thisvulnerability.



For Debian 9 stretch, this problem has been fixed in version
1.43.4-2+deb9u2.

We recommend that you upgrade your e2fsprogs packages.

For the detailed security status of e2fsprogs please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/e2fsprogs

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAl8dnxFfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy
MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcACgkQlvysDTh7
WEeaJQ//UFW3U38IbxAn6bw/7CqYhr+IhbYG9FVQjTO68jRi2afAEgg+4c83NJAs
DSxM0VKd0rlhbSmkEx2XkotRTjt97H1N56NeluIZPF0XqmG0gGqUdNu5o1AwYm+n
STzO3bchoEKk+A8LxZrsh87VZ9YjIrXCZHhkjtTQcU/pBFCxhfZ26MSTgVamlmwv
KF/caZ++qyCrXEh89sCzazkcO+jYAJFhpsQj70VB6cldASExZ0ufAt8PSd59NIf2
ACznb7S2xd9NZB7ot3me3Jll2mXmNJom9PkraEU7W9TAUJCHrMcggnRGfcPUMbjD
rdOvQvOA+UVUo/oCiLqtIxZ4oR0dLwZhPdzX7ETYa+YYFnEfRCtqqRD3Bsyw4sM1
osZ9DRAxSzfffc6UMp0bf47HhUCV04ztINfdq3S1+uHixn0nhMIcpkiXDIvNuDEi
rFP2J3blba0Jy81EokFdYf6+OB690icgibJHqfM2z49oJ/jV6zVw3gY7RIePpeEv
IwIAv1Bw/HOWGXpepsFZVQ2WjHe+KQTqM0zTi3CVUTOte5ghd0x0dZ2y17qCN+6L
n0v7HyL3XqUn4qJGX74W+BX3kZ2B0D1CJChW1VG0C5NkxGtZuiHQp7JXhr2vi6Om
OrAi4tIADHa1oPZPZfr657/N8E753VMsNxf1NwgphnbyHf2f0hs=
=FvUM
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 2288-1] qemu security update
Next by Date: [SECURITY] [DLA 2291-1] ffmpeg security update
Previous by thread: [SECURITY] [DLA 2288-1] qemu security update
Next by thread: [SECURITY] [DLA 2291-1] ffmpeg security update
Index(es):
- Date
- Thread