Low: file

2020-07-14T02:34:00
ID ALAS2-2020-1452
Type amazon
Reporter Amazon
Modified 2020-07-14T02:34:00

Description

Issue Overview:

The do_core_note function in readelf.c in libmagic.a in file 5.33 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted ELF file. (CVE-2018-10360 __)

Affected Packages:

file

Issue Correction:
Run yum update file to update your system.

New Packages:

aarch64:  
    file-5.11-36.amzn2.0.1.aarch64  
    file-libs-5.11-36.amzn2.0.1.aarch64  
    file-devel-5.11-36.amzn2.0.1.aarch64  
    file-static-5.11-36.amzn2.0.1.aarch64  
    file-debuginfo-5.11-36.amzn2.0.1.aarch64

i686:  
    file-5.11-36.amzn2.0.1.i686  
    file-libs-5.11-36.amzn2.0.1.i686  
    file-devel-5.11-36.amzn2.0.1.i686  
    file-static-5.11-36.amzn2.0.1.i686  
    file-debuginfo-5.11-36.amzn2.0.1.i686

noarch:  
    python-magic-5.11-36.amzn2.0.1.noarch

src:  
    file-5.11-36.amzn2.0.1.src

x86_64:  
    file-5.11-36.amzn2.0.1.x86_64  
    file-libs-5.11-36.amzn2.0.1.x86_64  
    file-devel-5.11-36.amzn2.0.1.x86_64  
    file-static-5.11-36.amzn2.0.1.x86_64  
    file-debuginfo-5.11-36.amzn2.0.1.x86_64