e2fsprogs-1.45.4-3.el8

エラータID: AXSA:2020-302:02

Release date: 
Tuesday, September 8, 2020 - 06:24
Subject: 
e2fsprogs-1.45.4-3.el8
Affected Channels: 
Asianux Server 8 for x86_64
Severity: 
Moderate
Description: 

The e2fsprogs packages provide a number of utilities for creating, checking, modifying, and correcting the ext2, ext3, and ext4 file systems.

The following packages have been upgraded to a later upstream version: e2fsprogs (1.45.4).

Security Fix(es):

* e2fsprogs: crafted ext4 partition leads to out-of-bounds write (CVE-2019-5094)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2019-5094
An exploitable code execution vulnerability exists in the quota file functionality of E2fsprogs 1.45.3. A specially crafted ext4 partition can cause an out-of-bounds write on the heap, resulting in code execution. An attacker can corrupt a partition to trigger this vulnerability.

Solution: 

Update packages.

CVEs: 
CVE-2019-5094
An exploitable code execution vulnerability exists in the quota file functionality of E2fsprogs 1.45.3. A specially crafted ext4 partition can cause an out-of-bounds write on the heap, resulting in code execution. An attacker can corrupt a partition to trigger this vulnerability.
Additional Info: 

N/A

Download: 

SRPMS
  1. e2fsprogs-1.45.4-3.el8.src.rpm
    MD5: e8757166d9b5a4fa751edd353726267f
    SHA-256: c92ea13f0cc4d9d948e5aa2e957f3c07befcaa9ebdd4aef47c44846a0c080bb6
    Size: 5.37 MB

Asianux Server 8 for x86_64
  1. e2fsprogs-1.45.4-3.el8.x86_64.rpm
    MD5: d970457111628a53dc90a6f7e9524b03
    SHA-256: 300ada400237bf6949db0842cb64a563fd8f171669af430fb278b0f979fb7412
    Size: 1.02 MB
  2. e2fsprogs-devel-1.45.4-3.el8.x86_64.rpm
    MD5: 23e0175d23bf7c1575bfcbd654998f4a
    SHA-256: 978813d93a66ca8261851d49a21f4a6080b4159e555c3789fcc9e4c78fd8aea8
    Size: 82.43 kB
  3. e2fsprogs-libs-1.45.4-3.el8.x86_64.rpm
    MD5: 73e34d7f662d0180932485ce2b716826
    SHA-256: 82ecd93851f3525e068f763dc7746c408293b69e047d0ed9d9b8a117d3697c68
    Size: 230.98 kB
  4. libcom_err-1.45.4-3.el8.x86_64.rpm
    MD5: c15ed878b70b1e70a3baa79c4e07da02
    SHA-256: cf73d008bb0b81b7132dc3b650ca91e5f21fd551e0b9a246733f62b48082f7a8
    Size: 47.84 kB
  5. libcom_err-devel-1.45.4-3.el8.x86_64.rpm
    MD5: c0493aa5b45f672523d8dbe53fba3861
    SHA-256: 542a7f586811499322d946ef07d90ad83527a8dea38edf4704cedc11c0ea2bb7
    Size: 37.02 kB
  6. libss-1.45.4-3.el8.x86_64.rpm
    MD5: 6acddd2d3799cea078c7464826f5b330
    SHA-256: 96e03b039edeee936548d370c498633e42c24b599766c4a9838751bd3f50aece
    Size: 52.52 kB
  7. e2fsprogs-devel-1.45.4-3.el8.i686.rpm
    MD5: 519083a5627903c2fa0787f33a441258
    SHA-256: a890fe8019896f67cfbcc1fd0cb8ee30f38378872ef76e78e4dd9c68e7d0e5d9
    Size: 82.45 kB
  8. e2fsprogs-libs-1.45.4-3.el8.i686.rpm
    MD5: 0dbb39d1f8c130615ba04afe783b92d0
    SHA-256: 0ebc0730d6462541b397bcb77e59df27b12f7586da0c16b37fdbae4c2f61d056
    Size: 260.62 kB
  9. libcom_err-1.45.4-3.el8.i686.rpm
    MD5: a344fc5f6ec4d841169c7c4cd51efcb7
    SHA-256: adff513bae903e3398b7ce8ae2760719fa40099cc5e9dd4232b56397b7cd2792
    Size: 48.25 kB
  10. libcom_err-devel-1.45.4-3.el8.i686.rpm
    MD5: cbd916ebd38719378c99d2d213022f71
    SHA-256: 549296e1b29dcf6e9da349df9d2e817bcc43a3400933807eb507f9f327a7b196
    Size: 37.03 kB
  11. libss-1.45.4-3.el8.i686.rpm
    MD5: 6dd9825bb486ad28ccf39c81ff4b5535
    SHA-256: d791ebf1e6f039dbc1cc74ef5fd16b8128beb5db2e2f5c0688e1dc2d108fdd0f
    Size: 53.05 kB