Univention Bugzilla – Bug 51734
e2fsprogs: Multiple issues (4.4)
Last modified: 2020-07-29 16:50:55 CEST
New Debian e2fsprogs 1.43.4-2+deb9u2A~4.4.5.202007270745 fixes:
This update addresses the following issue:
* Out-of-bounds write in e2fsck/rehash.c (CVE-2019-5188)
--- mirror/ftp/4.4/unmaintained/4.4-3/source/e2fsprogs_1.43.4-2+deb9u1A~4.4.2.201910011444.dsc +++ apt/ucs_4.4-0-errata4.4-5/source/e2fsprogs_1.43.4-2+deb9u2A~4.4.5.202007270745.dsc @@ -1,9 +1,20 @@ -1.43.4-2+deb9u1A~4.4.2.201910011444 [Tue, 01 Oct 2019 14:44:39 +0200] Univention builddaemon <buildd@univention.de>: +1.43.4-2+deb9u2A~4.4.5.202007270745 [Mon, 27 Jul 2020 07:48:32 +0200] Univention builddaemon <buildd@univention.de>: * UCS auto build. The following patches have been applied to the original source package 0001-Fix-parallel-FTBFS 01_inode_reatio +1.43.4-2+deb9u2 [Sat, 25 Jul 2020 11:03:02 +0200] Thorsten Alteholz <debian@alteholz.de>: + + * Non-maintainer upload by the LTS Team. + * CVE-2019-5188 + A specially crafted ext4 directory can cause an out-of-bounds write + on the stack, resulting in code execution. An attacker can corrupt a + partition to trigger this vulnerability. + * If directory has been deleted in pass1[bcd] processing, then we + shouldn't try to rehash the directory in pass 3a when we try to + rehash/reoptimize directories. + 1.43.4-2+deb9u1 [Wed, 25 Sep 2019 19:17:45 -0400] Theodore Y. Ts'o <tytso@mit.edu>: * Fix CVE-2019-5094: potential buffer overrun in e2fsck (Closes: #941139) <http://10.200.17.11/4.4-5/#483119067437292253>
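Review bot: The added 1.43.4-2+deb9u2 entry names CVE-2019-5188 but gives no patch file name or upstream commit for the fix, and its last bullet ("If directory has been deleted in pass1[bcd] processing ...") does not say whether it belongs to the CVE-2019-5188 fix or is a separate change. The 1.43.4-2+deb9u1 entry below it ties its fix to a Debian bug with "(Closes: #941139)"; a comparable reference in the new entry would let a reader confirm which change closes the out-of-bounds write and whether the pass 3a rehash skip needs to be tracked on its own.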
OK: yaml
OK: announce_errata
OK: patch
OK: piuparts

[4.4-5] 3a07dbf7ef Bug #51734: e2fsprogs 1.43.4-2+deb9u2A~4.4.5.202007270745
 doc/errata/staging/e2fsprogs.yaml | 12 ++++++++++++
 1 file changed, 12 insertions(+)
<https://errata.software-univention.de/#/?erratum=4.4x656>