Overview
Affected versions of this package are vulnerable to ALAS2-2020-1509. Package updates are available for Amazon Linux 2 that fix the following vulnerabilities: CVE-2019-5188: 1790048: CVE-2019-5188 e2fsprogs: Out-of-bounds write in e2fsck/rehash.c A code execution vulnerability exists in the directory rehashing functionality of E2fsprogs e2fsck 1.45.4. A specially crafted ext4 directory can cause an out-of-bounds write on the stack, resulting in code execution. An attacker can corrupt a partition to trigger this vulnerability. CVE-2019-5094: 1768555: CVE-2019-5094 e2fsprogs: Crafted ext4 partition leads to out-of-bounds write An exploitable code execution vulnerability exists in the quota file functionality of E2fsprogs 1.45.3. A specially crafted ext4 partition can cause an out-of-bounds write on the heap, resulting in code execution. An attacker can corrupt a partition to trigger this vulnerability.
Remediation
Upgrade libcom_err to version or higher.
References
- CVE
- ALAS2-2020-1509
- Snyk ID
- SNYK-AMZN2-LIBCOMERR-1022408
- Published
- 28 Oct, 2020