-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2019.3655
             [SECURITY] [DLA 1935-1] e2fsprogs security update
                             30 September 2019

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           e2fsprogs
Publisher:         Debian
Operating System:  Debian GNU/Linux 8
                   UNIX variants (UNIX, Linux, OSX)
Impact/Access:     Execute Arbitrary Code/Commands -- Console/Physical
                   Denial of Service               -- Console/Physical
Resolution:        Patch/Upgrade
CVE Names:         CVE-2019-5094  

Original Bulletin: 
   https://lists.debian.org/debian-lts-announce/2019/09/msg00029.html

Comment: This advisory references vulnerabilities in products which run on 
         platforms other than Debian. It is recommended that administrators 
         running e2fsprogs check for an updated version of the software for 
         their operating system.

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : e2fsprogs
Version        : 1.42.12-2+deb8u1
CVE ID         : CVE-2019-5094


Lilith of Cisco Talos discovered a buffer overflow flaw in the quota
code used by e2fsck from the ext2/ext3/ext4 file system utilities.
Running e2fsck on a malformed file system can result in the execution of
arbitrary code.


For Debian 8 "Jessie", this problem has been fixed in version
1.42.12-2+deb8u1.

We recommend that you upgrade your e2fsprogs packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

- -----BEGIN PGP SIGNATURE-----
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

-----END PGP SIGNATURE-----