e2fsprogs-1.42.9-19.el7

エラータID: AXSA:2020-637:03

Release date: 
Thursday, October 8, 2020 - 05:31
Subject: 
e2fsprogs-1.42.9-19.el7
Affected Channels: 
Asianux Server 7 for x86_64
Severity: 
Moderate
Description: 

The e2fsprogs packages provide a number of utilities for creating, checking, modifying, and correcting the ext2, ext3, and ext4 file systems.

Security Fix(es):

* e2fsprogs: Crafted ext4 partition leads to out-of-bounds write (CVE-2019-5094)

* e2fsprogs: Out-of-bounds write in e2fsck/rehash.c (CVE-2019-5188)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2019-5094
An exploitable code execution vulnerability exists in the quota file functionality of E2fsprogs 1.45.3. A specially crafted ext4 partition can cause an out-of-bounds write on the heap, resulting in code execution. An attacker can corrupt a partition to trigger this vulnerability.
CVE-2019-5188
A code execution vulnerability exists in the directory rehashing functionality of E2fsprogs e2fsck 1.45.4. A specially crafted ext4 directory can cause an out-of-bounds write on the stack, resulting in code execution. An attacker can corrupt a partition to trigger this vulnerability.

Solution: 

Update packages.

Additional Info: 

N/A

Download: 

SRPMS
  1. e2fsprogs-1.42.9-19.el7.src.rpm
    MD5: ebf66d896145b9622fbb018d4e10afc3
    SHA-256: ec02b2b35799e908553d1bdc83e39fec27c689b6abb525eb81dc7101697ccbd4
    Size: 4.54 MB

Asianux Server 7 for x86_64
  1. e2fsprogs-1.42.9-19.el7.x86_64.rpm
    MD5: 03b29a0ef0ae437c385b09ed5669ae0c
    SHA-256: 1536e1f7ef5afb6821d1f1d950b600368ec62d4f7bc15f9e871d2770cb4c3cd9
    Size: 699.61 kB
  2. e2fsprogs-devel-1.42.9-19.el7.x86_64.rpm
    MD5: 95a18582e9064f9b18e02ef7d55b6eb1
    SHA-256: b4185b8fe7d81edd53a8522c3cf45fa6b8c21094dec323d171b56f29662fa3b9
    Size: 71.86 kB
  3. e2fsprogs-libs-1.42.9-19.el7.x86_64.rpm
    MD5: 2fb54163342a71e1f1f28363aba8895b
    SHA-256: 69253eb532a90ec15ab2f03b16494788de4795e4f3dfcfea872e085fc722378d
    Size: 167.22 kB
  4. libcom_err-1.42.9-19.el7.x86_64.rpm
    MD5: 2bbcf9d27f2de5ef9e186ef543d195d7
    SHA-256: 9399b6184674e65b47e0416dcafeec1ce449d94bc7189c6e30984557b08f446e
    Size: 41.18 kB
  5. libcom_err-devel-1.42.9-19.el7.x86_64.rpm
    MD5: 5f809588904d23ab7514ab32652b24f4
    SHA-256: 973f0ddc8078ce364c95e7cd9e645427e9a19dc412f94e53b48727ab4d600992
    Size: 31.34 kB
  6. libss-1.42.9-19.el7.x86_64.rpm
    MD5: d8b3894ee108c899ea1ecf72eda2d584
    SHA-256: 0457312e5f04d86c2e7362a4c4a3128b162c89fa3b8ba23bb59cea58f37dfc0c
    Size: 45.79 kB
  7. e2fsprogs-devel-1.42.9-19.el7.i686.rpm
    MD5: 48b92bb6d88a97f13cb0db66daea64b3
    SHA-256: e764db758b8f1c3102fb5af081955cf54e5ff26d9cf23b6b923bebda69bf3c3b
    Size: 71.87 kB
  8. e2fsprogs-libs-1.42.9-19.el7.i686.rpm
    MD5: 68b7fa4c2289dd7de9bc796813329b6b
    SHA-256: a5d973291095488f9cda83d01983b4f4ae9dabd9eea114f1ce37407f89705149
    Size: 179.38 kB
  9. libcom_err-1.42.9-19.el7.i686.rpm
    MD5: f8cd4ae4356a15068464e28d2186ca1b
    SHA-256: a579d85a59717a4adb460ae53ce6c046b32ffb6b691340c6b5f07d8386b9c299
    Size: 41.23 kB
  10. libcom_err-devel-1.42.9-19.el7.i686.rpm
    MD5: 527d48f8cce7b50c8582ec22c6110cff
    SHA-256: 06dafffb5b4eb9c0cdd7113a6336106f5e26a8e3383cde62a3f3ca4fec7afef5
    Size: 31.38 kB
  11. libss-1.42.9-19.el7.i686.rpm
    MD5: ee32ec73d425b4593141a5babcfa2932
    SHA-256: 2292a62b1af7d0e91bccb537ee1f36f9bb7dab2a31528dce752f8f9ff44477e8
    Size: 45.61 kB