PublicDateAtUSN: 2019-09-24
Candidate: CVE-2019-5094
PublicDate: 2019-09-24 22:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5094
 https://talosintelligence.com/vulnerability_reports/TALOS-2019-0887
 https://ubuntu.com/security/notices/USN-4142-1
 https://ubuntu.com/security/notices/USN-4142-2
Description:
 An exploitable code execution vulnerability exists in the quota file
 functionality of E2fsprogs 1.45.3. A specially crafted ext4 partition can
 cause an out-of-bounds write on the heap, resulting in code execution. An
 attacker can corrupt a partition to trigger this vulnerability.
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
Priority: medium
Discovered-by:
Assigned-to: leosilva
CVSS:
 nvd: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H [6.7 MEDIUM]

Patches_e2fsprogs:
 upstream: https://git.kernel.org/pub/scm/fs/ext2/e2fsprogs.git/commit/?h=maint&id=8dbe7b475ec5e91ed767239f0e85880f416fc384
upstream_e2fsprogs: released (1.45.4-1)
precise/esm_e2fsprogs: released (1.42-1ubuntu2.4)
trusty_e2fsprogs: ignored (out of standard support)
trusty/esm_e2fsprogs: released (1.42.9-3ubuntu1.3+esm1)
xenial_e2fsprogs: released (1.42.13-1ubuntu1.1)
esm-infra/xenial_e2fsprogs: released (1.42.13-1ubuntu1.1)
bionic_e2fsprogs: released (1.44.1-1ubuntu1.2)
disco_e2fsprogs: released (1.44.6-1ubuntu0.1)
devel_e2fsprogs: released (1.45.3-4ubuntu2)