1. Ubuntu Security Notices
  2. USN-5464-1

USN-5464-1: e2fsprogs vulnerability

Publication date

7 June 2022

Overview

e2fsprogs could be made to crash or possibly run programs if it processed a specially crafted file system image.

Releases

Packages

  • e2fsprogs - ext2/ext3/ext4 file system utilities

Details

Nils Bars discovered that e2fsprogs incorrectly handled certain file
systems. A local attacker could use this issue with a crafted file
system image to possibly execute arbitrary code.

Nils Bars discovered that e2fsprogs incorrectly handled certain file
systems. A local attacker could use this issue with a crafted file
system image to possibly execute arbitrary code.

Update instructions

In general, a standard system update will make all the necessary changes.

Learn more about how to get the fixes.

The problem can be corrected by updating your system to the following package versions:

Ubuntu Release Package Version
22.04 jammy e2fsprogs –  1.46.5-2ubuntu1.1
e2fsck-static –  1.46.5-2ubuntu1.1
fuse2fs –  1.46.5-2ubuntu1.1
21.10 impish e2fsprogs –  1.46.3-1ubuntu3.1
e2fsck-static –  1.46.3-1ubuntu3.1
fuse2fs –  1.46.3-1ubuntu3.1
20.04 focal e2fsprogs –  1.45.5-2ubuntu1.1
e2fsck-static –  1.45.5-2ubuntu1.1
fuse2fs –  1.45.5-2ubuntu1.1
18.04 bionic e2fsprogs –  1.44.1-1ubuntu1.4
e2fsck-static –  1.44.1-1ubuntu1.4
fuse2fs –  1.44.1-1ubuntu1.4
16.04 xenial e2fsprogs –  1.42.13-1ubuntu1.2+esm1  
e2fslibs –  1.42.13-1ubuntu1.2+esm1  
14.04 trusty e2fsprogs –  1.42.9-3ubuntu1.3+esm3  
e2fsck-static –  1.42.9-3ubuntu1.3+esm3  

Reduce your security exposure

Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.

Get Ubuntu Pro

References

Have additional questions?

Talk to a member of the team ›