-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-4535-1 security@xxxxxxxxxx https://www.debian.org/security/ Salvatore Bonaccorso September 27, 2019 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : e2fsprogs CVE ID : CVE-2019-5094 Debian Bug : 941139 Lilith of Cisco Talos discovered a buffer overflow flaw in the quota code used by e2fsck from the ext2/ext3/ext4 file system utilities. Running e2fsck on a malformed file system can result in the execution of arbitrary code. For the oldstable distribution (stretch), this problem has been fixed in version 1.43.4-2+deb9u1. For the stable distribution (buster), this problem has been fixed in version 1.44.5-1+deb10u2. We recommend that you upgrade your e2fsprogs packages. For the detailed security status of e2fsprogs please refer to its security tracker page at: https://security-tracker.debian.org/tracker/e2fsprogs Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@xxxxxxxxxxxxxxxx -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAl2Of/xfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0Q6Zg/9GWawqZcu65yl5zr0+vs8RSWB5193eMW/EmzjPEqij9iuy3j+uPWiVwy3 W8e0+87IZgY9cQUsilqsXVEelyx+Kg2uvMRiQET47WGGeWAxL5Hy2ntYTfgMKZ0z OA3h8I0Dep1ex6WbOYrhrNYYbRQhz2+LMScL2Z1oNiK2+kCnFwZ8T7c8ZYczXpHz FIP1rtKn0z0rLhncpcsmNmLIlOCnk7htGb5Zq0wfjkqNQICTL/fUAQYPHbT8i27K sTyZTRA72URw7iYbbjFW86Lv/ly34ss3OT0Skoz/EDTihAF3MZfIyFNeYYyTST4L yt4XSvNEyfKriLZuiB4KGr5ImgRU7RHo92aLfo4WTsnW4DzvXqaxVl19lMBBLh4/ JUYEweJLorf6KQ+Umbke11evr4d9ayKj5tyPtWfGQ4ts5auOGzx7qkyzGHvd9816 y8duWITrc4ANguGx3wX2dtWR1AFuEGyGhsvMMYOILwkef3sfIBILLLVkFvA/1w/H Vo8LLRGGRMMcEgezmWKKFym0k309D3ldnn9u3ES87ANQU0wGE6Z3K3QzkfscAKzS Sq18f6oo+GoETQBuWEDTpE8gM5jX6uEBcf1I/g8cJamaHdz3rjuYQPjzwRkiz3xn j4qFI+sENriVCx2XK/99FiRJfrhaNkgWG8eR0mKnXHKnJ0KZxiQ= =RTeU -----END PGP SIGNATURE-----