advisories/25562.adv

type: security
subject: Updated e2fsprogs packages fix security vulnerability
CVE:
 - CVE-2019-5094
src:
  7:
   core:
     - e2fsprogs-1.45.4-1.mga7
description: |
  Updated e2fsprogs packages fix security vulnerability:

  Lilith of Cisco Talos discovered a buffer overflow flaw in the quota code
  used by e2fsck from the ext2/ext3/ext4 file system utilities. Running
  e2fsck on a malformed file system can result in the execution of arbitrary
  code (CVE-2019-5094).

  The e2fsprogs package has been updated to version 1.45.4, fixing this issue
  and other bugs. See the upstream release notes for details.
references:
 - https://bugs.mageia.org/show_bug.cgi?id=25562
 - http://e2fsprogs.sourceforge.net/e2fsprogs-release.html#1.45.4
 - https://www.debian.org/security/2019/dsa-4535
ID: MGASA-2019-0296
1	type: security
2	subject: Updated e2fsprogs packages fix security vulnerability
3	CVE:
4	- CVE-2019-5094
5	src:
6	7:
7	core:
8	- e2fsprogs-1.45.4-1.mga7
9	description: \|
10	Updated e2fsprogs packages fix security vulnerability:
11
12	Lilith of Cisco Talos discovered a buffer overflow flaw in the quota code
13	used by e2fsck from the ext2/ext3/ext4 file system utilities. Running
14	e2fsck on a malformed file system can result in the execution of arbitrary
15	code (CVE-2019-5094).
16
17	The e2fsprogs package has been updated to version 1.45.4, fixing this issue
18	and other bugs. See the upstream release notes for details.
19	references:
20	- https://bugs.mageia.org/show_bug.cgi?id=25562
21	- http://e2fsprogs.sourceforge.net/e2fsprogs-release.html#1.45.4
22	- https://www.debian.org/security/2019/dsa-4535
23	ID: MGASA-2019-0296