Mageia 2019-0296 Moderate: E2fsprogs Buffer Overflow Exploit

mageia

October 16, 2019

Updated e2fsprogs packages fix security vulnerability: Lilith of Cisco Talos discovered a buffer overflow flaw in the quota code used by e2fsck from the ext2/ext3/ext4 file system...

Summary

Updated e2fsprogs packages fix security vulnerability:
Lilith of Cisco Talos discovered a buffer overflow flaw in the quota code used by e2fsck from the ext2/ext3/ext4 file system utilities. Running e2fsck on a malformed file system can result in the execution of arbitrary code (CVE-2019-5094).
The e2fsprogs package has been updated to version 1.45.4, fixing this issue and other bugs. See the upstream release notes for details.

References

- https://bugs.mageia.org/show_bug.cgi?id=25562

- https://lists.debian.org/debian-security-announce/2019/msg00183.html

- https://www.cve.org/CVERecord?id=CVE-2019-5094

Topics Covered

security advisory buffer overflow code execution e2fsprogs issue fix mageia

Resolution

SRPMS

- 7/core/e2fsprogs-1.45.4-1.mga7

Severity

important

Lowest

Low

Medium

High

Critical

Publication date: 16 Oct 2019

URL: https://advisories.mageia.org/MGASA-2019-0296.html

Type: security

CVE: CVE-2019-5094

Topics Covered

security advisory buffer overflow code execution e2fsprogs issue fix mageia

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Like staying secure? So do we.
Sign up for updates, tips, and alerts!

Topics Covered

Topics Covered

Search News & Updates

Recent Searches

Search Advisories & Updates

Recent Searches

Get the latest News and Insights

Our Top Picks