Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 448
Alerts This Week
Warning Icon 1 448

Mageia 6: 2019-0118 Moderate: File Stack Corruption Denial of Service

mageia
Calendar Grey March 29, 2019
Dist Mageia Esm H88
MGASA-2019-0118 - Updated file packages fix security vulnerabilities Publication date: 29 Mar 2019 U
The updated file packages fix security vulnerabilities: do_core_note in readelf.c in libmagic.a in file 5.35 has a stack-based buffer over-read, related to file_printable, a diffe...

Summary

The updated file packages fix security vulnerabilities:
do_core_note in readelf.c in libmagic.a in file 5.35 has a stack-based buffer over-read, related to file_printable, a different vulnerability than CVE-2018-10360. (CVE-2019-8905)
do_core_note in readelf.c in libmagic.a in file 5.35 allows remote attackers to cause a denial of service (stack corruption and application crash) or possibly have unspecified other impact. (CVE-2019-8907)

References

- https://bugs.mageia.org/show_bug.cgi?id=24498

- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/4JG7FM7W3R4C4P5R4PFNBYEGTQHASG2O/

- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/5DKJLTXLQCKG4GQNC5JUDGVGAJAJJ2K3/

- https://lists.suse.com/pipermail/sle-security-updates/2019-March/005176.html

- https://ubuntu.com/security/notices/USN-3911-1

- - https://www.cve.org/CVERecord?id=CVE-2019-8905

- https://www.cve.org/CVERecord?id=CVE-2019-8907

Resolution

SRPMS

- 6/core/file-5.25-5.2.mga6

Publication date: 29 Mar 2019
URL: https://advisories.mageia.org/MGASA-2019-0118.html
Type: security
CVE: CVE-2019-8905, CVE-2019-8907

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.