#4429: file-5.36
--------------------+-----------------------
Reporter: bdubbs | Owner: lfs-book
Type: task | Status: new
Priority: normal | Milestone: 8.5
Component: Book | Version: SVN
Severity: normal | Resolution:
Keywords: |
--------------------+-----------------------
Comment (by renodr):
Four security fixes:
{{{
do_core_note in readelf.c in libmagic.a in file 5.35 allows remote
attackers to cause a denial of service (stack corruption and application
crash) or possibly have unspecified other impact. (CVE-2019-8907)
}}}
{{{
do_core_note in readelf.c in libmagic.a in file 5.35 has an out-of-bounds
read because memcpy is misused. (CVE-2019-8906)
}}}
{{{
do_core_note in readelf.c in libmagic.a in file 5.35 has a stack-based
buffer over-read, related to file_printable, a different vulnerability
than CVE-2018-10360. (CVE-2019-8905)
}}}
{{{
do_bid_note in readelf.c in libmagic.a in file 5.35 has a stack-based
buffer over-read, related to file_printf and file_vprintf. (CVE-2019-8904)
}}}
--
Ticket URL: <http://wiki.linuxfromscratch.org/lfs/ticket/4429#comment:1>
LFS Trac <http://wiki.linuxfromscratch.org/lfs/>
Linux From Scratch: Your Distro, Your Rules.