CVE-2019-5188: malicious fs can cause stack underflow in e2fsck

Debian Bug report logs - #948508
CVE-2019-5188: malicious fs can cause stack underflow in e2fsck

Reply or subscribe to this bug.

Toggle useless messages

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: "Theodore Y. Ts'o" <tytso@mit.edu>

To: Debian Bug Tracking System <submit@bugs.debian.org>

Subject: CVE-2019-5188: malicious fs can cause stack underflow in e2fsck

Date: Thu, 09 Jan 2020 10:58:29 -0500

Package: e2fsprogs
Version: 1.43.4-2+deb9u1
Severity: grave
Tags: security
Justification: user security hole

E2fsprogs 1.45.5 contains a bug fix for CVE-2019-5188 / TALOS-2019-0973.
The following commits need to be backported to address this
vulnerability in Debian Buster and Debian Stretch:

8dd73c14 - e2fsck: abort if there is a corrupted directory block when rehashing
71ba1375 - e2fsck: don't try to rehash a deleted directory

The impact of this bug is that if an attacker can tricker the system
into running e2fsck on an untrustworthy file system, a maliciously
crafted file system could result in a stack underflow.  The primary
concern is on 32-bit systems; due to limitations in the kind of stack
corruption which can be triggered due to this bug, it is probably not
exploitable on 64-bit systems.

Message #18 received at 948508-submitter@bugs.debian.org (full text, mbox, reply):

From: Salvatore Bonaccorso <carnil@debian.org>

To: control@bugs.debian.org

Cc: 948508-submitter@bugs.debian.org

Subject: found 948508 in 1.43.4-2, found 948508 in 1.44.5-1+deb10u2, closing 948508

Date: Thu, 09 Jan 2020 17:15:18 +0100

found 948508 1.43.4-2
found 948508 1.44.5-1+deb10u2
close 948508 1.45.5-1
thanks

Send a report that this bug log contains spam.