-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2020.2548
                         e2fsprogs security update
                               27 July 2020

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           e2fsprogs
Publisher:         Debian
Operating System:  Debian GNU/Linux 9
Impact/Access:     Execute Arbitrary Code/Commands -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2019-5188  

Reference:         ESB-2020.1055
                   ESB-2020.0264
                   ESB-2020.0124

Original Bulletin: 
   https://www.debian.org/lts/security/2020/dla-2290

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- - -------------------------------------------------------------------------
Debian LTS Advisory DLA-2290-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                    Thorsten Alteholz
July 26, 2020                                 https://wiki.debian.org/LTS
- - -------------------------------------------------------------------------

Package        : e2fsprogs
Version        : 1.43.4-2+deb9u2
CVE ID         : CVE-2019-5188


An issue has been found in e2fsprogs, a package that contains 
ext2/ext3/ext4 file system utilities. A specially crafted ext4 directory 
can cause an out-of-bounds write on the stack, resulting in code 
execution. An attacker can corrupt a partition to trigger this 
vulnerability.


For Debian 9 stretch, this problem has been fixed in version
1.43.4-2+deb9u2.

We recommend that you upgrade your e2fsprogs packages.

For the detailed security status of e2fsprogs please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/e2fsprogs

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

- -----BEGIN PGP SIGNATURE-----
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----