Debian 10261 Published by

An e2fsprogs security update has been released for Debian GNU/Linux 7 Extended LTS to address an out-of-bounds write on the stack.



ELA-218-1 e2fsprogs security update

Package e2fsprogs
Version 1.42.5-1.1+deb7u3
Related CVE CVE-2019-5188

An issue has been found in e2fsprogs, a package that contains ext2/ext3/ext4 file system utilities. A specially crafted ext4 directory can cause an out-of-bounds write on the stack, resulting in code execution. An attacker can corrupt a partition to trigger this vulnerability.

For Debian 7 Wheezy, these problems have been fixed in version 1.42.5-1.1+deb7u3.

We recommend that you upgrade your e2fsprogs packages.

Further information about Extended LTS security advisories can be found at: https://deb.freexian.com/extended-lts/

  ELA-218-1 e2fsprogs security update