==========================================================================
Ubuntu Security Notice USN-4142-2
September 30, 2019
e2fsprogs vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
– Ubuntu 14.04 ESM
– Ubuntu 12.04 ESM
Summary:
e2fsprogs could be made to execute arbitrary code if it is
running in a crafted ext4 partition.
Software Description:
– e2fsprogs: ext2/ext3/ext4 file system utilities
Details:
USN-4142-1 fixed a vulnerability in e2fsprogs. This update provides
the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM.
Original advisory details:
It was discovered that e2fsprogs incorrectly handled certain ext4 partitions.
An attacker could possibly use this issue to execute arbitrary code.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 14.04 ESM:
e2fsprogs 1.42.9-3ubuntu1.3+esm1
Ubuntu 12.04 ESM:
e2fsprogs 1.42-1ubuntu2.4
In general, a standard system update will make all the necessary changes.
References:
https://usn.ubuntu.com/4142-2
https://usn.ubuntu.com/4142-1
CVE-2019-5094
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1
iQIcBAEBAgAGBQJdkhPhAAoJEEW851uECx9puGoQAJW/zT65eGOMjg9UxaesAox6
fYwxAmKxaodN80g9vjgn9QVj3z28CJGz+BNSGSdN5uMuakJjlfgd16najvurcNKy
MkQmPBaRmsRL35TObuLGNeJ4vTXR8aURRmINkIEVYR/vgLCw+CXklMWPYrWN/iA2
K2r1hpNDx4b5NnanLUtUEs9Ls4P78nJnLNK4EhmR+gIMc9PRK/gwk3fK7oFDfxJZ
eekyffSzNDsSslxYI6DVSV4C+G05SfZaO7Z8P+QodDyFc67QJzAVPJIin6e/fKFW
htA5zUCBauGu4VnipAuAHd1Cz9F7StdTfMSYuSRdD9+2Ukx5FdLRFB5EGAuk68lg
SvjwVkxt920qDIqtleoISmHM7D4cZWvKKiTPBIvAurTZ0x65eR353ql4Jbm1a+1b
WPEtYiYL9sFoW77hjt0sNvyoxha3W7kWea1TInehsoTj2FoSexn4MQuhawxeHsyP
sGMBybPZXNZrd9lv2zq/8x4m++LqKbU+y3n1+WDjFjZLba/MRsBnJGxwF69eKGTg
WuGCh5DNmfHuWMTLTYfjaTaOKg1iLj2ulH7RCLLINgzbo7r1pTCcyWs8ktoCqsFP
p/+5wMKHKCNrDkBvGpeRmdaw/bqQkcihz62jF4eYzNHmLE6thCT9KeLxGZ/G91Er
hzOXamlWQqdlZEKG3hHE
=EPni
—–END PGP SIGNATURE—–
—
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
==========================================================================
Ubuntu Security Notice USN-4142-1
September 30, 2019
e2fsprogs vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
– Ubuntu 19.04
– Ubuntu 18.04 LTS
– Ubuntu 16.04 LTS
Summary:
e2fsprogs could be made to execute arbitrary code if it is running in
a crafted ext4 partition.
Software Description:
– e2fsprogs: ext2/ext3/ext4 file system utilities
Details:
It was discovered that e2fsprogs incorrectly handled certain ext4 partitions.
An attacker could possibly use this issue to execute arbitrary code.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 19.04:
e2fsprogs 1.44.6-1ubuntu0.1
Ubuntu 18.04 LTS:
e2fsprogs 1.44.1-1ubuntu1.2
Ubuntu 16.04 LTS:
e2fsprogs 1.42.13-1ubuntu1.1
In general, a standard system update will make all the necessary changes.
References:
https://usn.ubuntu.com/4142-1
CVE-2019-5094
Package Information:
https://launchpad.net/ubuntu/+source/e2fsprogs/1.44.6-1ubuntu0.1
https://launchpad.net/ubuntu/+source/e2fsprogs/1.44.1-1ubuntu1.2
https://launchpad.net/ubuntu/+source/e2fsprogs/1.42.13-1ubuntu1.1
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1
iQIcBAEBAgAGBQJdkgzQAAoJEEW851uECx9pup8P/0RG4LCrzajBqGdcgmCDB8Vr
GR+hU1d2a8v+pAevsaPZsRlJQRWjkz/ai+UWEdAW8nayyRhsy/zg57mOBZJBt5nr
YAM29jO7HCU15VRg1PLNGXHoK2r1YkNVRkibcXyLQmAKXkvghLC0KUi5WpNjdIzV
HPsbNc1TTJyWHdNBLZwZu37NuoZC069Bg/pz3CLzz1RwOcrDYJJS8iuXHfwDp4XZ
uYHuUXSFGbNJJA2S/9dCeXIT32kv6pdmyL7kTdUknvNgb9lGPgx0K4jHkFPRtu98
O3BWCBAMw91Nus3dXSNy4fawEJ+VHehS4JTrHUe1cRIleGAN6kmrQHyhpNIyz4kJ
s6ityH80dtQ0GVhu5uz1lHMGp0nZne4u6LBEppx355Vhz+IW5lJ3RkIM/fgoc2+T
RTF56CwQENSDodoDiDCvb7qImKY0bkjBxpD0vD8nVjUTnv/xp57ly0wK1ENzI0qA
n1B1F3qU1AJIlIDkoc6bxl5sR/Yy+AfxVpRAkXSlPEwHJHTpfDDdauytoiShwhEY
qqmugKxX/+vmgmhtQ4+pY1HDJXccHw+zSFUXeu02JvVxp6rv0gL0P1kiFIflJ2aX
j/K2npJV4L4wdxLlRyT6Rww8+oxLouLSWRcgqKCWpsEf6+YC2bCcU0iUIdDf4+9s
pPJqzDVRQ49hALKWjERv
=J3Df
—–END PGP SIGNATURE—–
—