Alerts This Week
Warning Icon 1 714
Alerts This Week
Warning Icon 1 714

Fedora: FEDORA-2019-18036b898e Critical: File Heap Overflow Fix

fedora
Calendar Grey November 9, 2019
Dist Fedora Esm H88
The Fedora Update Notification FEDORA-2019-18036b898e fixes severe heap overflow vulnerabilities in the file utility, essential for system security and stability
- fix heap-based buffer overflow in cdf_read_property_info() (CVE-2019-18218)

Summary

The file command is used to identify a particular file according to the

type of data contained by the file. File can identify many different

file types, including ELF binaries, system libraries, RPM packages, and

different graphics formats.

- fix heap-based buffer overflow in cdf_read_property_info() (CVE-2019-18218)

* Fri Oct 25 2019 Kamil Dudka - 5.34-15

- fix heap-based buffer overflow in cdf_read_property_info() (CVE-2019-18218)

* Tue Jun 11 2019 Kamil Dudka - 5.34-14

- fix double free on read error (#1685217)

* Fri Mar 1 2019 Kamil Dudka - 5.34-13

- improve support for Apple formats (#1679455)

* Mon Feb 25 2019 Kamil Dudka - 5.34-12

- remote denial of service in do_core_note in readelf.c (CVE-2019-8907)

- stack-based buffer over-read in do_core_note in readelf.c (CVE-2019-8905)

- stack-based buffer over-read in do_bid_note in readelf.c (CVE-2019-8904)

- out-of-bounds read in do_core_note in readelf.c (CVE-2019-8906)

* Thu Jan 24 2019 Ondrej Dubaj - 5.34-9

- Added Linux PowerPC core offsets for Linux + fixed bug #1161911

* Thu Jan 24 2019 Ondrej Dubaj - 5.34-8

- Fixed bug missidentifying netpbm files (#856092)

* Tue Dec 4 2018 Ondrej Dubaj - 5.34-7

- Fixed bug misleading qcow2 v2 and v3 files (#1654349)

- Changed bug report URL

* Wed Nov 21 2018 Ondrej Dubaj - 5.34-6

- Fixed missidentifying locale files bug (#1527398)

* Wed Nov 14 2018 Kamil Dudka - 5.34-5

- reintroduce the python2-magic subpackage needed by python2-bugzilla (#1649547)

* Mon Nov 12 2018 Kamil Dudka - 5.34-4

- add magic for eBPF objects (#1648667)

[ 1 ] Bug #1765273 - CVE-2019-18218 file: heap-based buffer overflow in cdf_read_property_info in cdf.c [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1765273

su -c 'dnf upgrade --advisory FEDORA-2019-18036b898e' at the command

line. For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/

List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines

List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/

Topics%20covered

Topics Covered

security advisory buffer overflow Fedora file utility heap overflow update notification

Change Log

References

Update Instructions

Severity
critical
Lowest
Low
Medium
High
Critical

Product: Fedora 29
Version: 5.34
Release: 15.fc29
URL: https://www.darwinsys.com/file/
Summary: A utility for determining file types

Topics%20covered

Topics Covered

security advisory buffer overflow Fedora file utility heap overflow update notification

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here