Advisories ยป MGASA-2019-0118

Updated file packages fix security vulnerabilities

Publication date: 29 Mar 2019
Type: security
Affected Mageia releases : 6
CVE: CVE-2019-8905 , CVE-2019-8907

Description

The updated file packages fix security vulnerabilities:

do_core_note in readelf.c in libmagic.a in file 5.35 has a stack-based
buffer over-read, related to file_printable, a different vulnerability
than CVE-2018-10360. (CVE-2019-8905)

do_core_note in readelf.c in libmagic.a in file 5.35 allows remote
attackers to cause a denial of service (stack corruption and application
crash) or possibly have unspecified other impact. (CVE-2019-8907)
                

References

SRPMS

6/core