e2fsprogs-1.42.9-19.el7
エラータID: AXSA:2020-637:03
リリース日:
2020/10/08 Thursday - 05:31
題名:
e2fsprogs-1.42.9-19.el7
影響のあるチャネル:
Asianux Server 7 for x86_64
Severity:
Moderate
Description:
以下項目について対処しました。
[Security Fix]
- E2fsprogsのクォーターファイルの機能には、巧妙に細工されたext4パーティション
によってヒープメモリの範囲外書き込みが発生し、攻撃者がコードを実行できる脆弱性
があります。(CVE-2019-5094)
- E2fsprogsパッケージのe2fsckコマンドのディレクトリリハッシュ機能には、
細工されたext4のディレクトリによってスタックメモリの範囲外書き込みが発生し、
攻撃者がコードを実行できる脆弱性があります。(CVE-2019-5188)
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2019-5094
An exploitable code execution vulnerability exists in the quota file functionality of E2fsprogs 1.45.3. A specially crafted ext4 partition can cause an out-of-bounds write on the heap, resulting in code execution. An attacker can corrupt a partition to trigger this vulnerability.
An exploitable code execution vulnerability exists in the quota file functionality of E2fsprogs 1.45.3. A specially crafted ext4 partition can cause an out-of-bounds write on the heap, resulting in code execution. An attacker can corrupt a partition to trigger this vulnerability.
CVE-2019-5188
A code execution vulnerability exists in the directory rehashing functionality of E2fsprogs e2fsck 1.45.4. A specially crafted ext4 directory can cause an out-of-bounds write on the stack, resulting in code execution. An attacker can corrupt a partition to trigger this vulnerability.
A code execution vulnerability exists in the directory rehashing functionality of E2fsprogs e2fsck 1.45.4. A specially crafted ext4 directory can cause an out-of-bounds write on the stack, resulting in code execution. An attacker can corrupt a partition to trigger this vulnerability.
追加情報:
N/A
ダウンロード:
SRPMS
- e2fsprogs-1.42.9-19.el7.src.rpm
MD5: ebf66d896145b9622fbb018d4e10afc3
SHA-256: ec02b2b35799e908553d1bdc83e39fec27c689b6abb525eb81dc7101697ccbd4
Size: 4.54 MB
Asianux Server 7 for x86_64
- e2fsprogs-1.42.9-19.el7.x86_64.rpm
MD5: 03b29a0ef0ae437c385b09ed5669ae0c
SHA-256: 1536e1f7ef5afb6821d1f1d950b600368ec62d4f7bc15f9e871d2770cb4c3cd9
Size: 699.61 kB - e2fsprogs-devel-1.42.9-19.el7.x86_64.rpm
MD5: 95a18582e9064f9b18e02ef7d55b6eb1
SHA-256: b4185b8fe7d81edd53a8522c3cf45fa6b8c21094dec323d171b56f29662fa3b9
Size: 71.86 kB - e2fsprogs-libs-1.42.9-19.el7.x86_64.rpm
MD5: 2fb54163342a71e1f1f28363aba8895b
SHA-256: 69253eb532a90ec15ab2f03b16494788de4795e4f3dfcfea872e085fc722378d
Size: 167.22 kB - libcom_err-1.42.9-19.el7.x86_64.rpm
MD5: 2bbcf9d27f2de5ef9e186ef543d195d7
SHA-256: 9399b6184674e65b47e0416dcafeec1ce449d94bc7189c6e30984557b08f446e
Size: 41.18 kB - libcom_err-devel-1.42.9-19.el7.x86_64.rpm
MD5: 5f809588904d23ab7514ab32652b24f4
SHA-256: 973f0ddc8078ce364c95e7cd9e645427e9a19dc412f94e53b48727ab4d600992
Size: 31.34 kB - libss-1.42.9-19.el7.x86_64.rpm
MD5: d8b3894ee108c899ea1ecf72eda2d584
SHA-256: 0457312e5f04d86c2e7362a4c4a3128b162c89fa3b8ba23bb59cea58f37dfc0c
Size: 45.79 kB - e2fsprogs-devel-1.42.9-19.el7.i686.rpm
MD5: 48b92bb6d88a97f13cb0db66daea64b3
SHA-256: e764db758b8f1c3102fb5af081955cf54e5ff26d9cf23b6b923bebda69bf3c3b
Size: 71.87 kB - e2fsprogs-libs-1.42.9-19.el7.i686.rpm
MD5: 68b7fa4c2289dd7de9bc796813329b6b
SHA-256: a5d973291095488f9cda83d01983b4f4ae9dabd9eea114f1ce37407f89705149
Size: 179.38 kB - libcom_err-1.42.9-19.el7.i686.rpm
MD5: f8cd4ae4356a15068464e28d2186ca1b
SHA-256: a579d85a59717a4adb460ae53ce6c046b32ffb6b691340c6b5f07d8386b9c299
Size: 41.23 kB - libcom_err-devel-1.42.9-19.el7.i686.rpm
MD5: 527d48f8cce7b50c8582ec22c6110cff
SHA-256: 06dafffb5b4eb9c0cdd7113a6336106f5e26a8e3383cde62a3f3ca4fec7afef5
Size: 31.38 kB - libss-1.42.9-19.el7.i686.rpm
MD5: ee32ec73d425b4593141a5babcfa2932
SHA-256: 2292a62b1af7d0e91bccb537ee1f36f9bb7dab2a31528dce752f8f9ff44477e8
Size: 45.61 kB