[SECURITY] [DLA 2156-1] e2fsprogs security update

2020-03-2421:04:06

lists.debian.org

4.4 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:P/I:P/A:P

7.5 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

7.5 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

28.5%

JSON

Package : e2fsprogs
Version : 1.42.12-2+deb8u2
CVE ID : CVE-2019-5188

An issue has been found in e2fsprogs, a package that contains
ext2/ext3/ext4 file system utilities.
A specially crafted ext4 directory can cause an out-of-bounds write on the
stack, resulting in code execution. An attacker can corrupt a partition to
trigger this vulnerability.

For Debian 8 "Jessie", this problem has been
fixed in version 1.42.12-2+deb8u2.

We recommend that you upgrade your e2fsprogs packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

OSVersionArchitecturePackageVersionFilename
Debian8alle2fsprogs< 1.42.12-2+deb8u2e2fsprogs_1.42.12-2+deb8u2_all.deb
Debian8amd64e2fsprogs< 1.42.12-2+deb8u2e2fsprogs_1.42.12-2+deb8u2_amd64.deb
Debian8armellibcomerr2< 1.42.12-2+deb8u2libcomerr2_1.42.12-2+deb8u2_armel.deb
Debian10mipslibss2-dbgsym< 1.44.5-1+deb10u3libss2-dbgsym_1.44.5-1+deb10u3_mips.deb
Debian10ppc64ele2fsprogs-udeb< 1.44.5-1+deb10u3e2fsprogs-udeb_1.44.5-1+deb10u3_ppc64el.deb
Debian10armhflibcom-err2-dbgsym< 1.44.5-1+deb10u3libcom-err2-dbgsym_1.44.5-1+deb10u3_armhf.deb
Debian10amd64e2fsck-static-dbgsym< 1.44.5-1+deb10u3e2fsck-static-dbgsym_1.44.5-1+deb10u3_amd64.deb
Debian10armhffuse2fs-dbgsym< 1.44.5-1+deb10u3fuse2fs-dbgsym_1.44.5-1+deb10u3_armhf.deb
Debian8i386e2fslibs< 1.42.12-2+deb8u2e2fslibs_1.42.12-2+deb8u2_i386.deb
Debian9i386e2fsprogs-udeb< 1.43.4-2+deb9u2e2fsprogs-udeb_1.43.4-2+deb9u2_i386.deb

OS	Version	Architecture	Package	Version	Filename
Debian	8	all	e2fsprogs	< 1.42.12-2+deb8u2	e2fsprogs_1.42.12-2+deb8u2_all.deb
Debian	8	amd64	e2fsprogs	< 1.42.12-2+deb8u2	e2fsprogs_1.42.12-2+deb8u2_amd64.deb
Debian	8	armel	libcomerr2	< 1.42.12-2+deb8u2	libcomerr2_1.42.12-2+deb8u2_armel.deb
Debian	10	mips	libss2-dbgsym	< 1.44.5-1+deb10u3	libss2-dbgsym_1.44.5-1+deb10u3_mips.deb
Debian	10	ppc64el	e2fsprogs-udeb	< 1.44.5-1+deb10u3	e2fsprogs-udeb_1.44.5-1+deb10u3_ppc64el.deb
Debian	10	armhf	libcom-err2-dbgsym	< 1.44.5-1+deb10u3	libcom-err2-dbgsym_1.44.5-1+deb10u3_armhf.deb
Debian	10	amd64	e2fsck-static-dbgsym	< 1.44.5-1+deb10u3	e2fsck-static-dbgsym_1.44.5-1+deb10u3_amd64.deb
Debian	10	armhf	fuse2fs-dbgsym	< 1.44.5-1+deb10u3	fuse2fs-dbgsym_1.44.5-1+deb10u3_armhf.deb
Debian	8	i386	e2fslibs	< 1.42.12-2+deb8u2	e2fslibs_1.42.12-2+deb8u2_i386.deb
Debian	9	i386	e2fsprogs-udeb	< 1.43.4-2+deb9u2	e2fsprogs-udeb_1.43.4-2+deb9u2_i386.deb