Описание
Security update for e2fsprogs
This update for e2fsprogs fixes the following issues:
- CVE-2019-5188: Fixed a code execution vulnerability in the directory rehashing functionality (bsc#1160571).
This update was imported from the SUSE:SLE-15:Update update project.
Список пакетов
openSUSE Leap 15.1
e2fsprogs-1.43.8-lp151.5.12.1
e2fsprogs-devel-1.43.8-lp151.5.12.1
libcom_err-devel-1.43.8-lp151.5.12.1
libcom_err-devel-32bit-1.43.8-lp151.5.12.1
libcom_err-devel-static-1.43.8-lp151.5.12.1
libcom_err2-1.43.8-lp151.5.12.1
libcom_err2-32bit-1.43.8-lp151.5.12.1
libext2fs-devel-1.43.8-lp151.5.12.1
libext2fs-devel-32bit-1.43.8-lp151.5.12.1
libext2fs-devel-static-1.43.8-lp151.5.12.1
libext2fs2-1.43.8-lp151.5.12.1
libext2fs2-32bit-1.43.8-lp151.5.12.1
Ссылки
- E-Mail link for openSUSE-SU-2020:0166-1
- SUSE Security Ratings
- SUSE Bug 1160571
- SUSE CVE CVE-2019-5188 page
Описание
A code execution vulnerability exists in the directory rehashing functionality of E2fsprogs e2fsck 1.45.4. A specially crafted ext4 directory can cause an out-of-bounds write on the stack, resulting in code execution. An attacker can corrupt a partition to trigger this vulnerability.
Затронутые продукты
openSUSE Leap 15.1:e2fsprogs-1.43.8-lp151.5.12.1
openSUSE Leap 15.1:e2fsprogs-devel-1.43.8-lp151.5.12.1
openSUSE Leap 15.1:libcom_err-devel-1.43.8-lp151.5.12.1
openSUSE Leap 15.1:libcom_err-devel-32bit-1.43.8-lp151.5.12.1
Ссылки
- CVE-2019-5188
- SUSE Bug 1160571