QID 671127

Date Published: 2021-11-29

QID 671127: EulerOS Security Update for e2fsprogs (EulerOS-SA-2019-2140)

The e2fsprogs package contains a number of utilities for creating,checking, modifying, and correcting any inconsistencies in second,third and fourth extended (ext2/ext3/ext4) file systems.
E2fsprogs contains e2fsck (used to repair file system inconsistencies after an unclean shutdown), mke2fs (used to initialize a partition to contain an empty ext2 file system), debugfs (used to examine the internal structure of a file system, to manually repair a corrupted file system, or to create test cases for e2fsck), tune2fs (used to modify file system parameters), and most of the other core ext2fs file system utilities.
You should install the e2fsprogs package if you need to manage the performance of an ext2, ext3, or ext4 file system.
Security fix(es): an exploitable code execution vulnerability exists in the quota file functionality of e2fsprogs 1.45.3.
A specially crafted ext4 partition can cause an out-of-bounds write on the heap, resulting in code execution.
An attacker can corrupt a partition to trigger this vulnerability.(cve-2019-5094)

Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.

An arbitrary attacker may exploit this vulnerability to compromise the system.

CVSS V3 rated as High - 6.7 severity.

CVSS V2 rated as Medium - 4.6 severity.

Solution

The Vendor has released a security update to fix the vulnerability. For more information please visit EulerOS-SA-2019-2140 for updates and patch information

Vendor References

EulerOS-SA-2019-2140 - developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2140

CVEs related to QID 671127

CVE-2019-5094 |

Software Advisories

Advisory ID	Software	Component	Link
EulerOS-SA-2019-2140	EulerOS V2.0SP5		developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2140

By selecting these links, you may be leaving CVEreport webspace. We have provided these links to other websites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other websites that are more appropriate for your purpose. CVEreport does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, CVEreport does not endorse any commercial products that may be mentioned on these sites. Please address comments about any linked pages to [email protected].