ELA-170-1 e2fsprogs security update

avoid buffer overruns with maliciously corrupted file systems

2019-09-28
Packagee2fsprogs
Version1.42.5-1.1+deb7u2
Related CVEs CVE-2019-5094

Lilith of Cisco Talos discovered a buffer overflow flaw in the quota code used by e2fsck from the ext2/ext3/ext4 file system utilities. Running e2fsck on a malformed file system can result in the execution of arbitrary code.

For Debian 7 Wheezy, these problems have been fixed in version 1.42.5-1.1+deb7u2.

We recommend that you upgrade your e2fsprogs packages.

Further information about Extended LTS security advisories can be found at: https://deb.freexian.com/extended-lts/