ELA-218-1 e2fsprogs security update

out-of-bounds write on stack

2020-03-24
Packagee2fsprogs
Version1.42.5-1.1+deb7u3
Related CVEs CVE-2019-5188


An issue has been found in e2fsprogs, a package that contains ext2/ext3/ext4 file system utilities. A specially crafted ext4 directory can cause an out-of-bounds write on the stack, resulting in code execution. An attacker can corrupt a partition to trigger this vulnerability.



For Debian 7 Wheezy, these problems have been fixed in version 1.42.5-1.1+deb7u3.

We recommend that you upgrade your e2fsprogs packages.

Further information about Extended LTS security advisories can be found in the dedicated section of our website.