Opened 2 years ago

Closed 2 years ago

#4429 closed task (fixed)

file-5.36

Reported by: Bruce Dubbs
Owned by: Bruce Dubbs
Priority: normal
Milestone: 8.4
Component: Book
Version: SVN
Severity: normal
Keywords:
Cc:

Description

New minor version.

Change History (3)

comment:1 by Douglas R. Reno, 2 years ago

Four security fixes:

do_core_note in readelf.c in libmagic.a in file 5.35 allows remote attackers to cause a denial of service (stack corruption and application crash) or possibly have unspecified other impact. (CVE-2019-8907)
do_core_note in readelf.c in libmagic.a in file 5.35 has an out-of-bounds read because memcpy is misused. (CVE-2019-8906)
do_core_note in readelf.c in libmagic.a in file 5.35 has a stack-based buffer over-read, related to file_printable, a different vulnerability than CVE-2018-10360. (CVE-2019-8905)
do_bid_note in readelf.c in libmagic.a in file 5.35 has a stack-based buffer over-read, related to file_printf and file_vprintf. (CVE-2019-8904)

comment:2 by Bruce Dubbs, 2 years ago

Milestone: 8.5 → 8.4
Owner: changed from lfs-book to Bruce Dubbs
Status: new → assigned

Promote to 8.4

comment:3 by Bruce Dubbs, 2 years ago

Resolution: fixed
Status: assigned → closed

Fixed at revision 11535.