Univention Bugzilla – Bug 50298
e2fsprogs: Multiple issues (4.4)
Last modified: 2019-10-02 15:55:03 CEST
New Debian e2fsprogs 1.43.4-2+deb9u1A~4.4.2.201910011329 fixes:

This update addresses the following issue:
* An exploitable code execution vulnerability exists in the quota file functionality of E2fsprogs 1.45.3. A specially crafted ext4 partition can cause an out-of-bounds write on the heap, resulting in code execution. An attacker can corrupt a partition to trigger this vulnerability. (CVE-2019-5094)
--- mirror/ftp/4.3/unmaintained/4.3-0/source/e2fsprogs_1.43.4-2A~4.3.0.201801041304.dsc +++ apt/ucs_4.4-0-errata4.4-2/source/e2fsprogs_1.43.4-2+deb9u1A~4.4.2.201910011329.dsc @@ -1,8 +1,10 @@ -1.43.4-2A~4.3.0.201801041304 [Thu, 04 Jan 2018 13:04:36 +0100] Univention builddaemon <buildd@univention.de>: +1.43.4-2+deb9u1A~4.4.2.201910011329 [Tue, 01 Oct 2019 13:30:50 +0200] Univention builddaemon <buildd@univention.de>: - * UCS auto build. The following patches have been applied to the original source package - 0001-Fix-parallel-FTBFS - 01_inode_reatio + * UCS auto build. No patches were applied to the original source package + +1.43.4-2+deb9u1 [Wed, 25 Sep 2019 19:17:45 -0400] Theodore Y. Ts'o <tytso@mit.edu>: + + * Fix CVE-2019-5094: potential buffer overrun in e2fsck (Closes: #941139) 1.43.4-2 [Tue, 31 Jan 2017 19:54:55 -0500] Theodore Y. Ts'o <tytso@mit.edu>: <http://10.200.17.11/4.4-2/#5941524933994691676>
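Review bot: in the UCS auto build changelog line of this hunk, the list of applied patches (0001-Fix-parallel-FTBFS, 01_inode_reatio) is replaced by "No patches were applied to the original source package", so build 201910011329 picks up the CVE-2019-5094 fix but drops both local patches. Rebuild with the two patches reapplied on top of 1.43.4-2+deb9u1 so that the security update changes nothing beyond the fix.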
--- mirror/ftp/4.3/unmaintained/4.3-0/source/e2fsprogs_1.43.4-2A~4.3.0.201801041304.dsc +++ apt/ucs_4.4-0-errata4.4-2/source/e2fsprogs_1.43.4-2+deb9u1A~4.4.2.201910011444.dsc @@ -1,8 +1,12 @@ -1.43.4-2A~4.3.0.201801041304 [Thu, 04 Jan 2018 13:04:36 +0100] Univention builddaemon <buildd@univention.de>: +1.43.4-2+deb9u1A~4.4.2.201910011444 [Tue, 01 Oct 2019 14:44:39 +0200] Univention builddaemon <buildd@univention.de>: * UCS auto build. The following patches have been applied to the original source package 0001-Fix-parallel-FTBFS 01_inode_reatio + +1.43.4-2+deb9u1 [Wed, 25 Sep 2019 19:17:45 -0400] Theodore Y. Ts'o <tytso@mit.edu>: + + * Fix CVE-2019-5094: potential buffer overrun in e2fsck (Closes: #941139) 1.43.4-2 [Tue, 31 Jan 2017 19:54:55 -0500] Theodore Y. Ts'o <tytso@mit.edu>: <http://10.200.17.11/4.4-2/#8165997453451210168>
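Review bot: the builddaemon entry for 201910011444 at the top of this hunk is worded the same as the 4.3-0 entry it replaces, and the diff is taken against the 4.3-0 source, so nothing here records that this build supersedes 201910011329 or why. A line in the errata entry or the commit message stating that the rebuild restores 0001-Fix-parallel-FTBFS and 01_inode_reatio would make that traceable.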
OK: yaml
OK: announce_errata
OK: patch
OK: piuparts

[4.4-2] 0d5aaa5fd8 Bug #50298: e2fsprogs 1.43.4-2+deb9u1A~4.4.2.201910011444
 doc/errata/staging/e2fsprogs.yaml | 9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)

[4.4-2] e4637f5b4b Bug #50298: e2fsprogs 1.43.4-2+deb9u1A~4.4.2.201910011329
 doc/errata/staging/e2fsprogs.yaml | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)
<http://errata.software-univention.de/ucs/4.4/292.html>