Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 695522 (CVE-2019-5094)

Summary: <sys-fs/e2fsprogs-1.45.4: maliciously corrupted file systems can trigger buffer overruns in the quota code used by e2fsck (CVE-2019-5094)
Product: Gentoo Security Reporter: GLSAMaker/CVETool Bot <glsamaker>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: normal CC: base-system
Priority: Normal Flags: stable-bot: sanity-check+
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0887
Whiteboard: A3 [glsa+ cve]
Package list:
sys-fs/e2fsprogs-1.45.4 sys-libs/e2fsprogs-libs-1.45.4
 Runtime testing required: ---

Description GLSAMaker/CVETool Bot gentoo-dev 2019-09-24 10:38:30 UTC 
Incoming details.
Comment 1 Thomas Deutschmann (RETIRED) gentoo-dev 2019-09-24 10:40:45 UTC 
See $URL (not yet published).

Fix: https://git.kernel.org/pub/scm/fs/ext2/e2fsprogs.git/commit/?h=maint&id=8dbe7b475ec5e91ed767239f0e85880f416fc384
Comment 2 Thomas Deutschmann (RETIRED) gentoo-dev 2019-09-25 14:15:57 UTC 
@ arches,

please stabilize

=sys-fs/e2fsprogs-1.45.4
=sys-libs/e2fsprogs-libs-1.45.4
Comment 3 Mikle Kolyada (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2019-09-26 18:26:23 UTC 
amd64 stable
Comment 4 Thomas Deutschmann (RETIRED) gentoo-dev 2019-09-26 19:18:29 UTC 
x86 stable
Comment 5 Mikle Kolyada (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2019-09-26 20:11:42 UTC 
arm stable
Comment 6 Mikle Kolyada (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2019-09-26 20:11:58 UTC 
m68k stable
Comment 7 Mikle Kolyada (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2019-09-26 20:12:14 UTC 
sh stable
Comment 8 Mikle Kolyada (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2019-09-26 20:12:30 UTC 
s390 stable
Comment 9 Mikle Kolyada (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2019-09-26 20:12:48 UTC 
ppc stable
Comment 10 Mikle Kolyada (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2019-09-26 20:13:05 UTC 
ppc64 stable
Comment 11 Mikle Kolyada (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2019-09-26 20:13:21 UTC 
sparc stable
Comment 12 Mikle Kolyada (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2019-09-26 20:13:38 UTC 
alpha stable
Comment 13 Agostino Sarubbo gentoo-dev 2019-10-03 08:07:31 UTC 
ia64 stable
Comment 14 Aaron Bauman (RETIRED) gentoo-dev 2019-10-07 04:35:05 UTC 
arm64 stable
Comment 15 Rolf Eike Beer archtester 2019-10-25 20:04:39 UTC 
hppa stable
Comment 16 GLSAMaker/CVETool Bot gentoo-dev 2020-03-13 01:52:58 UTC 
This issue was resolved and addressed in
 GLSA 202003-05 at https://security.gentoo.org/glsa/202003-05
by GLSA coordinator Thomas Deutschmann (whissi).