===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2019.3655
            [SECURITY] [DLA 1935-1] e2fsprogs security update
                             30 September 2019

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           e2fsprogs
Publisher:         Debian
Operating System:  Debian GNU/Linux 8
                   UNIX variants (UNIX, Linux, OSX)
Impact/Access:     Execute Arbitrary Code/Commands -- Console/Physical
                   Denial of Service               -- Console/Physical
Resolution:        Patch/Upgrade
CVE Names:         CVE-2019-5094

Original Bulletin:
   https://lists.debian.org/debian-lts-announce/2019/09/msg00029.html

Comment: This advisory references vulnerabilities in products which run on
         platforms other than Debian. It is recommended that administrators
         running e2fsprogs check for an updated version of the software for
         their operating system.

--------------------------BEGIN INCLUDED TEXT--------------------

Package        : e2fsprogs
Version        : 1.42.12-2+deb8u1
CVE ID         : CVE-2019-5094

Lilith of Cisco Talos discovered a buffer overflow flaw in the quota code
used by e2fsck from the ext2/ext3/ext4 file system utilities. Running e2fsck
on a malformed file system can result in the execution of arbitrary code.

For Debian 8 "Jessie", this problem has been fixed in version
1.42.12-2+deb8u1.

We recommend that you upgrade your e2fsprogs packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================