===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2020.2548
                         e2fsprogs security update
                               27 July 2020

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           e2fsprogs
Publisher:         Debian
Operating System:  Debian GNU/Linux 9
Impact/Access:     Execute Arbitrary Code/Commands -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2019-5188

Reference:         ESB-2020.1055
                   ESB-2020.0264
                   ESB-2020.0124

Original Bulletin:
   https://www.debian.org/lts/security/2020/dla-2290

--------------------------BEGIN INCLUDED TEXT--------------------

-------------------------------------------------------------------------
Debian LTS Advisory DLA-2290-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                    Thorsten Alteholz
July 26, 2020                                 https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : e2fsprogs
Version        : 1.43.4-2+deb9u2
CVE ID         : CVE-2019-5188

An issue has been found in e2fsprogs, a package that contains
ext2/ext3/ext4 file system utilities. A specially crafted ext4 directory
can cause an out-of-bounds write on the stack, resulting in code execution.
An attacker can corrupt a partition to trigger this vulnerability.

For Debian 9 stretch, this problem has been fixed in version
1.43.4-2+deb9u2.

We recommend that you upgrade your e2fsprogs packages.

For the detailed security status of e2fsprogs please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/e2fsprogs

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content.
The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
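
Added example, not part of the Debian or AusCERT text: a Python check that flags Debian 9 hosts whose e2fsprogs is still older than the fixed version 1.43.4-2+deb9u2 named in the advisory, using Debian version ordering instead of string comparison (which would rank a "+deb9u10" revision below "+deb9u2"). The host names, the inventory lines and the inventory format are constructed assumptions.

```python
import re

FIXED = "1.43.4-2+deb9u2"  # fixed e2fsprogs version for Debian 9 per DLA-2290-1

# Constructed sample: "<host> <package> <version>" per line, e.g. collected with
# dpkg-query -W -f='${Package} ${Version}\n' e2fsprogs on each stretch host.
INVENTORY = """\
web01 e2fsprogs 1.43.4-2
web02 e2fsprogs 1.43.4-2+deb9u1
db01 e2fsprogs 1.43.4-2+deb9u2
db02 e2fsprogs 1.43.4-2+deb9u10
"""

def _order(c):
    # dpkg ordering: '~' < end of string < letters < other characters
    if c == "~":
        return -1
    if c == "":
        return 0
    return ord(c) if c.isalpha() else ord(c) + 256

def _cmp_part(a, b):
    # Alternate between a non-digit run (by _order) and a digit run (numeric).
    while a or b:
        na, nb = re.match(r"[^0-9]*", a).group(), re.match(r"[^0-9]*", b).group()
        a, b = a[len(na):], b[len(nb):]
        for k in range(max(len(na), len(nb))):
            ca, cb = na[k:k + 1], nb[k:k + 1]  # "" once a run is exhausted
            if ca != cb:
                return -1 if _order(ca) < _order(cb) else 1
        da, db = re.match(r"[0-9]*", a).group(), re.match(r"[0-9]*", b).group()
        a, b = a[len(da):], b[len(db):]
        if int(da or 0) != int(db or 0):
            return -1 if int(da or 0) < int(db or 0) else 1
    return 0

def deb_cmp(v1, v2):
    """Return -1, 0 or 1 following Debian ordering (epoch, upstream, revision)."""
    parts = []
    for v in (v1, v2):
        epoch, rest = v.split(":", 1) if ":" in v else ("0", v)
        upstream, revision = rest.rsplit("-", 1) if "-" in rest else (rest, "")
        parts.append((int(epoch), upstream, revision))
    (e1, u1, r1), (e2, u2, r2) = parts
    if e1 != e2:
        return -1 if e1 < e2 else 1
    return _cmp_part(u1, u2) or _cmp_part(r1, r2)

def needs_upgrade(inventory, fixed=FIXED):
    """Hosts whose e2fsprogs is older than the fixed version."""
    rows = (line.split() for line in inventory.splitlines() if line.strip())
    return [host for host, pkg, ver in rows
            if pkg == "e2fsprogs" and deb_cmp(ver, fixed) < 0]
```

The fixed version applies to Debian 9 stretch only, so the inventory should be limited to stretch hosts before running the comparison.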