Summary: | <sys-fs/e2fsprogs-1.45.4: maliciously corrupted file systems can trigger buffer overruns in the quota code used by e2fsck (CVE-2019-5094) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | GLSAMaker/CVETool Bot <glsamaker> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | base-system |
Priority: | Normal | Flags: | stable-bot: sanity-check+ |
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0887 | ||
Whiteboard: | A3 [glsa+ cve] | ||
Package list: | sys-fs/e2fsprogs-1.45.4 sys-libs/e2fsprogs-libs-1.45.4 | ||
Runtime testing required: | --- |
Description
GLSAMaker/CVETool Bot
2019-09-24 10:38:30 UTC
See $URL (not yet published).

Fix: https://git.kernel.org/pub/scm/fs/ext2/e2fsprogs.git/commit/?h=maint&id=8dbe7b475ec5e91ed767239f0e85880f416fc384

@ arches, please stabilize

=sys-fs/e2fsprogs-1.45.4
=sys-libs/e2fsprogs-libs-1.45.4

amd64 stable

x86 stable

arm stable

m68k stable

sh stable

s390 stable

ppc stable

ppc64 stable

sparc stable

alpha stable

ia64 stable

arm64 stable

hppa stable

This issue was resolved and addressed in GLSA 202003-05 at https://security.gentoo.org/glsa/202003-05 by GLSA coordinator Thomas Deutschmann (whissi).