drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Pufferüberlauf in e2fsprogs
Name: |
Pufferüberlauf in e2fsprogs |
|
ID: |
DSA-4535-1 |
|
Distribution: |
Debian |
|
Plattformen: |
Debian stretch, Debian buster |
|
Datum: |
Sa, 28. September 2019, 09:59 |
|
Referenzen: |
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5094 |
|
Applikationen: |
e2fsprogs |
|
Originalnachricht |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
- ------------------------------------------------------------------------- Debian Security Advisory DSA-4535-1 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso September 27, 2019 https://www.debian.org/security/faq - -------------------------------------------------------------------------
Package : e2fsprogs CVE ID : CVE-2019-5094 Debian Bug : 941139
Lilith of Cisco Talos discovered a buffer overflow flaw in the quota code used by e2fsck from the ext2/ext3/ext4 file system utilities. Running e2fsck on a malformed file system can result in the execution of arbitrary code.
For the oldstable distribution (stretch), this problem has been fixed in version 1.43.4-2+deb9u1.
For the stable distribution (buster), this problem has been fixed in version 1.44.5-1+deb10u2.
We recommend that you upgrade your e2fsprogs packages.
For the detailed security status of e2fsprogs please refer to its security tracker page at: https://security-tracker.debian.org/tracker/e2fsprogs
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAl2Of/xfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0Q6Zg/9GWawqZcu65yl5zr0+vs8RSWB5193eMW/EmzjPEqij9iuy3j+uPWiVwy3 W8e0+87IZgY9cQUsilqsXVEelyx+Kg2uvMRiQET47WGGeWAxL5Hy2ntYTfgMKZ0z OA3h8I0Dep1ex6WbOYrhrNYYbRQhz2+LMScL2Z1oNiK2+kCnFwZ8T7c8ZYczXpHz FIP1rtKn0z0rLhncpcsmNmLIlOCnk7htGb5Zq0wfjkqNQICTL/fUAQYPHbT8i27K sTyZTRA72URw7iYbbjFW86Lv/ly34ss3OT0Skoz/EDTihAF3MZfIyFNeYYyTST4L yt4XSvNEyfKriLZuiB4KGr5ImgRU7RHo92aLfo4WTsnW4DzvXqaxVl19lMBBLh4/ JUYEweJLorf6KQ+Umbke11evr4d9ayKj5tyPtWfGQ4ts5auOGzx7qkyzGHvd9816 y8duWITrc4ANguGx3wX2dtWR1AFuEGyGhsvMMYOILwkef3sfIBILLLVkFvA/1w/H Vo8LLRGGRMMcEgezmWKKFym0k309D3ldnn9u3ES87ANQU0wGE6Z3K3QzkfscAKzS Sq18f6oo+GoETQBuWEDTpE8gM5jX6uEBcf1I/g8cJamaHdz3rjuYQPjzwRkiz3xn j4qFI+sENriVCx2XK/99FiRJfrhaNkgWG8eR0mKnXHKnJ0KZxiQ= =RTeU -----END PGP SIGNATURE-----
|
|
|
|