stable

e2fsprogs-1.44.6-2.fc30

FEDORA-2020-01ed02451f created by lczerner 4 years ago for Fedora 30

Fix a potential out of bounds write when checking a maliciously corrupted file system. This is probably not exploitable on 64-bit platforms, but may be exploitable on 32-bit binaries depending on how the compiler lays out the stack variables. (Addresses CVE-2019-5188)

A maliciously corrupted file system can trigger buffer overruns in the quota code used by e2fsck. (Addresses CVE-2019-5094)

Fix potential use after free in calculate_tree()

How to install

Updates may require up to 24 hours to propagate to mirrors. If the following command doesn't work, please retry later:

sudo dnf upgrade --refresh --advisory=FEDORA-2020-01ed02451f

This update has been submitted for testing by lczerner.

4 years ago

This update's test gating status has been changed to 'waiting'.

4 years ago

This update's test gating status has been changed to 'ignored'.

4 years ago

This update has been pushed to testing.

4 years ago

This update can be pushed to stable now if the maintainer wishes

4 years ago

This update has been submitted for stable by bodhi.

4 years ago

This update has been pushed to stable.

4 years ago


Metadata
Type: security
Severity: medium
Karma: 0
Signed
Content Type: RPM
Test Gating
Settings
Unstable by Karma: -3
Stable by Karma: 3
Stable by Time: 14 days
Dates
submitted: 4 years ago
in testing: 4 years ago
in stable: 4 years ago
BZ#1792192 CVE-2019-5094 e2fsprogs: crafted ext4 partition leads to out-of-bounds write [fedora-all]
BZ#1792193 CVE-2019-5188 e2fsprogs: Out-of-bounds write in e2fsck/rehash.c [fedora-all]
