FEDORA-2020-a724cc7926 created by lczerner 3 years ago for Fedora 31


A maliciously corrupted file systems can trigger buffer overruns in the quota code used by e2fsck. (Addresses CVE-2019-5094)

E2fsck now checks to make sure the casefold flag is only set on directories, and only when the casefold feature is enabled.

E2fsck will not disable the low dtime checks when using a backup superblock where the last mount time is zero. This fixes a failure in xfstests ext4/007.

Fix e2fsck so that when it needs to recreate the root directory, the quota counts are correctly updated.

Fix e2scrub_all cron script so it checks to make sure e2scrub_all exists, since the crontab and cron script might stick around after the e2fsprogs package is removed. (Addresses Debian Bug: #932622)

Fix e2scrub_all so that it works when the free space is exactly the snapshot size. (Addresses Debian Bug: #935009)

Avoid spurious lvm warnings when e2scrub_all is run out of cron on non-systemd systems (Addresses Debian Bug: #940240)

Update the man pages to document the new fsverity feature, and improve the documentation for the casefold and encrypt features.

E2fsck will no longer force a full file system check if time-based forced checks are disabled and the last mount time or last write time in the superblock are in the future.

Fix a potential out of bounds write when checking a maliciously corrupted file system. This is probably not exploitable on 64-bit platforms, but may be exploitable on 32-bit binaries depending on how the compiler lays out the stack variables. (Addresses CVE-2019-5188)

Fixed spurious weekly e-mails when e2scrub_all is run via a cron job on non-systemd systems. (Addresses Debian Bug: #944033)

Remove an unnecessary sleep in e2scrub which could add up to an additional two second delay during the boot up. Also, avoid trying to reap aborted snapshots if it has been disabled via e2scrub.conf. (Addresses Debian Bug: #948193)

If a mischievous system administrator mounts a pseudo-file system such as tmpfs with a device name that duplicates another mounted file system, this could potentially confuse resize2fs when it needs to find the mount point of a mounted file system. (Who would have guessed?) Add some sanity checking so that we can make libext2fs more robust against such insanity, at least on Linux. (GNU HURD doesn't support st_rdev.)

Tune2fs now prohibits enabling or disabling uninit_bg if the file system is mounted, since this could result in the file system getting corrupted, and there is an unfortunate AskUbuntu article suggesting this as a way to modify a file system's UUID on a live file system. (Ext4 now has a way to do this safely, using the metadata_csum_seed feature, which was added in the 4.4 Linux kernel.)

Fix potential crash in e2fsck when rebuilding very large directories on file systems which have the new large_dir feature enable.

Fix support of 32-bit uid's and gid's in fuse2fs and in mke2fs -d.

Fix mke2fs's setting bad blocks to bigalloc file systems.

Fix a bug where fuse2fs would incorrectly report the i_blocks fields for bigalloc file systems.

Resize2fs's minimum size estimates (via resize2fs -M) estimates are now more accurate when run on mounted file systems.

Fixed potential memory leak in read_bitmap() in libext2fs.

Fixed various UBsan failures found when fuzzing file system images. (Addresses Google Bug: #128130353)

Updated and clarified various man pages.

Performance, Internal Implementation, Development Support etc.

Fixed various debian packaging issues. (Addresses Debian Bug: #933247, #932874, #932876, #932855, #932859, #932861, #932881, #932888)

Fix false positive test failure in f_pre_1970_date_encoding on 32-bit systems with a 64-bit time_t. (Addresses Debian Bug: #932906)

Fixed various compiler warnings. (Addresses Google Bug #118836063)

Update the Czech, Dutch, French, German, Malay, Polish, Portuguese, Spanish, Swedish, Ukrainian, and Vietnamese translations from the Translation Project.

Speed up e2fsck on file systems with a very large number of inodes caused by repeated calls to gettext().

The inode_io io_manager can now support files which are greater than 2GB.

The ext2_off_t and ext2_off64_t are now signed types so that ext2fs_file_lseek() and ext2fs_file_llseek() can work correctly.

Reserve codepoint for the fast_commit feature.

Fixed various Debian packaging issues.

Fix portability problems for Illumous and on hurd/i386 (Addresses Debian Bug: #944649)

Always compile the ext2fs_swap_* functions even on little-endian architectures, so that debian/libext2fs.symbols can be consistent across architectures.

Synchronized changes from Android's AOSP e2fsprogs tree.

Updated config.guess and config.sub with newer versions from the FSF.

Update the Chinese and Malay translations from the translation project.

How to install

Updates may require up to 24 hours to propagate to mirrors. If the following command doesn't work, please retry later:

sudo dnf upgrade --refresh --advisory=FEDORA-2020-a724cc7926

This update has been submitted for testing by lczerner.

3 years ago

This update's test gating status has been changed to 'waiting'.

3 years ago

This update's test gating status has been changed to 'failed'.

3 years ago

This update has been pushed to testing.

3 years ago

This update's test gating status has been changed to 'ignored'.

3 years ago
User Icon pwalter commented & provided feedback 3 years ago


User Icon ibims commented & provided feedback 3 years ago

Works in generally, cannot test the Bugfixes and/or the new or fixed features.

This update can be pushed to stable now if the maintainer wishes

3 years ago
User Icon cairo provided feedback 3 years ago

This update has been submitted for stable by bodhi.

3 years ago

This update has been pushed to stable.

3 years ago

Please login to add feedback.

Content Type
Test Gating
Unstable by Karma
Stable by Karma
Stable by Time
14 days
3 years ago
in testing
3 years ago
in stable
3 years ago
BZ#1768556 CVE-2019-5094 e2fsprogs: crafted ext4 partition leads to out-of-bounds write [fedora-all]
BZ#1790049 CVE-2019-5188 e2fsprogs: Out-of-bounds write in e2fsck/rehash.c [fedora-all]

Automated Test Results