[SECURITY] [DLA 1935-1] e2fsprogs security update

2019-09-2809:45:22

lists.debian.org

135

6.7 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

4.6 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

0.001 Low

EPSS

Percentile

34.3%

JSON

Package : e2fsprogs
Version : 1.42.12-2+deb8u1
CVE ID : CVE-2019-5094

Lilith of Cisco Talos discovered a buffer overflow flaw in the quota
code used by e2fsck from the ext2/ext3/ext4 file system utilities.
Running e2fsck on a malformed file system can result in the execution of
arbitrary code.

For Debian 8 "Jessie", this problem has been fixed in version
1.42.12-2+deb8u1.

We recommend that you upgrade your e2fsprogs packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

OSVersionArchitecturePackageVersionFilename
Debian10i386ss-dev< 2.0-1.44.5-1+deb10u2ss-dev_2.0-1.44.5-1+deb10u2_i386.deb
Debian10arm64e2fsck-static< 1.44.5-1+deb10u2e2fsck-static_1.44.5-1+deb10u2_arm64.deb
Debian8armhflibss2-dbg< 1.42.12-2+deb8u1libss2-dbg_1.42.12-2+deb8u1_armhf.deb
Debian9mipslibcomerr2< 1.43.4-2+deb9u1libcomerr2_1.43.4-2+deb9u1_mips.deb
Debian9amd64ss-dev< 2.0-1.43.4-2+deb9u1ss-dev_2.0-1.43.4-2+deb9u1_amd64.deb
Debian10mipsellibext2fs2-dbgsym< 1.44.5-1+deb10u2libext2fs2-dbgsym_1.44.5-1+deb10u2_mipsel.deb
Debian9s390xe2fslibs-dbgsym< 1.43.4-2+deb9u1e2fslibs-dbgsym_1.43.4-2+deb9u1_s390x.deb
Debian8armele2fsprogs-udeb< 1.42.12-2+deb8u1e2fsprogs-udeb_1.42.12-2+deb8u1_armel.deb
Debian8i386e2fsprogs-dbg< 1.42.12-2+deb8u1e2fsprogs-dbg_1.42.12-2+deb8u1_i386.deb
Debian9mipsele2fslibs< 1.43.4-2+deb9u1e2fslibs_1.43.4-2+deb9u1_mipsel.deb

OS	Version	Architecture	Package	Version	Filename
Debian	10	i386	ss-dev	< 2.0-1.44.5-1+deb10u2	ss-dev_2.0-1.44.5-1+deb10u2_i386.deb
Debian	10	arm64	e2fsck-static	< 1.44.5-1+deb10u2	e2fsck-static_1.44.5-1+deb10u2_arm64.deb
Debian	8	armhf	libss2-dbg	< 1.42.12-2+deb8u1	libss2-dbg_1.42.12-2+deb8u1_armhf.deb
Debian	9	mips	libcomerr2	< 1.43.4-2+deb9u1	libcomerr2_1.43.4-2+deb9u1_mips.deb
Debian	9	amd64	ss-dev	< 2.0-1.43.4-2+deb9u1	ss-dev_2.0-1.43.4-2+deb9u1_amd64.deb
Debian	10	mipsel	libext2fs2-dbgsym	< 1.44.5-1+deb10u2	libext2fs2-dbgsym_1.44.5-1+deb10u2_mipsel.deb
Debian	9	s390x	e2fslibs-dbgsym	< 1.43.4-2+deb9u1	e2fslibs-dbgsym_1.43.4-2+deb9u1_s390x.deb
Debian	8	armel	e2fsprogs-udeb	< 1.42.12-2+deb8u1	e2fsprogs-udeb_1.42.12-2+deb8u1_armel.deb
Debian	8	i386	e2fsprogs-dbg	< 1.42.12-2+deb8u1	e2fsprogs-dbg_1.42.12-2+deb8u1_i386.deb
Debian	9	mipsel	e2fslibs	< 1.43.4-2+deb9u1	e2fslibs_1.43.4-2+deb9u1_mipsel.deb