Updated file packages fix security vulnerabilities
Publication date: 29 Mar 2019Modification date: 29 Mar 2019
Type: security
Affected Mageia releases : 6
CVE: CVE-2019-8905 , CVE-2019-8907
Description
The updated file packages fix security vulnerabilities: do_core_note in readelf.c in libmagic.a in file 5.35 has a stack-based buffer over-read, related to file_printable, a different vulnerability than CVE-2018-10360. (CVE-2019-8905) do_core_note in readelf.c in libmagic.a in file 5.35 allows remote attackers to cause a denial of service (stack corruption and application crash) or possibly have unspecified other impact. (CVE-2019-8907)
References
- https://bugs.mageia.org/show_bug.cgi?id=24498
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/4JG7FM7W3R4C4P5R4PFNBYEGTQHASG2O/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/5DKJLTXLQCKG4GQNC5JUDGVGAJAJJ2K3/
- https://lists.suse.com/pipermail/sle-security-updates/2019-March/005176.html
- https://usn.ubuntu.com/3911-1/
- https://lists.opensuse.org/opensuse-updates/2019-03/msg00076.html
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8905
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8907
SRPMS
6/core
- file-5.25-5.2.mga6