ELA-170-1 e2fsprogs security update

avoid buffer overruns with maliciously corrupted file systems

2019-09-28
Package: e2fsprogs
Version: 1.42.5-1.1+deb7u2
Related CVEs: CVE-2019-5094


Lilith of Cisco Talos discovered a buffer overflow flaw in the quota code used by e2fsck from the ext2/ext3/ext4 file system utilities. Running e2fsck on a malformed file system can result in the execution of arbitrary code.



For Debian 7 Wheezy, this problem has been fixed in version 1.42.5-1.1+deb7u2.

We recommend that you upgrade your e2fsprogs packages.
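To confirm which hosts already carry the fix, the following added example (not part of the advisory or of e2fsprogs) audits a collected inventory of installed e2fsprogs versions against the fixed version, using Debian's version ordering, the same ordering `dpkg --compare-versions` applies on a live host. The host names and every version string other than the fixed one are constructed sample data.

```python
import re
from itertools import zip_longest

# Fixed version for Debian 7 Wheezy, from the advisory; other releases differ.
FIXED = "1.42.5-1.1+deb7u2"

def _order(ch):
    # dpkg rule: '~' sorts before everything, letters before other symbols.
    if ch == "~":
        return -1
    return ord(ch) if ch.isalpha() else ord(ch) + 256

def _cmp_part(a, b):
    # Walk alternating non-digit / digit runs; digit runs compare numerically.
    runs_a = re.findall(r"(\D*)(\d*)", a)
    runs_b = re.findall(r"(\D*)(\d*)", b)
    for (ta, na), (tb, nb) in zip_longest(runs_a, runs_b, fillvalue=("", "")):
        for ca, cb in zip_longest(map(_order, ta), map(_order, tb), fillvalue=0):
            if ca != cb:
                return -1 if ca < cb else 1
        ia, ib = int(na or 0), int(nb or 0)
        if ia != ib:
            return -1 if ia < ib else 1
    return 0

def _split(version):
    # [epoch:]upstream[-revision]; a missing epoch or revision counts as 0.
    epoch, rest = version.split(":", 1) if ":" in version else ("0", version)
    upstream, _, revision = rest.rpartition("-") if "-" in rest else (rest, "", "")
    return int(epoch), upstream, revision

def compare_versions(a, b):
    """Return -1, 0 or 1 following Debian version ordering."""
    (ea, ua, ra), (eb, ub, rb) = _split(a), _split(b)
    if ea != eb:
        return -1 if ea < eb else 1
    return _cmp_part(ua, ub) or _cmp_part(ra, rb)

def audit(inventory, fixed=FIXED):
    """Map each host to True if its e2fsprogs is at or above the fixed version."""
    return {host: compare_versions(ver, fixed) >= 0 for host, ver in inventory}

# Constructed sample inventory of (host, installed version) pairs.
SAMPLE_INVENTORY = [
    ("wheezy-a", "1.42.5-1.1+deb7u1"),
    ("wheezy-b", "1.42.5-1.1+deb7u2"),
    ("wheezy-c", "1.42.5-1.1+deb7u10"),  # a plain string compare ranks this below u2
]
```

Calling `audit(SAMPLE_INVENTORY)` flags only `wheezy-a` as unpatched; a plain string comparison would also wrongly flag `wheezy-c`.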

Further information about Extended LTS security advisories can be found in the dedicated section of our website.