ID OPENVAS:1361412562310875844 Type openvas Reporter Copyright (C) 2019 Greenbone Networks GmbH Modified 2019-05-14T00:00:00
Description
The remote host is missing an update for the 'file' package(s) announced via the FEDORA-2019-15f5147b27 advisory.
# Copyright (C) 2019 Greenbone Networks GmbH
# Text descriptions are largely excerpted from the referenced
# advisory, and are Copyright (C) the respective author(s)
#
# SPDX-License-Identifier: GPL-2.0-or-later
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
# Metadata branch: when `description` is set the script only registers its
# identity, references and tags, then exits before any host check is run.
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.875844");
script_version("2019-05-14T05:04:40+0000");
# The four CVEs covered by this advisory; NVD describes them as out-of-bounds
# reads / stack corruption in do_core_note and do_bid_note (readelf.c, libmagic).
script_cve_id("CVE-2019-8907", "CVE-2019-8905", "CVE-2019-8904", "CVE-2019-8906");
# CVSS v2 score and vector only. NVD rates the same CVEs 8.8 (HIGH) under
# CVSS v3.0 with user interaction required, so triage on 6.8 alone may
# under-rank this finding.
script_tag(name:"cvss_base", value:"6.8");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:P/I:P/A:P");
script_tag(name:"last_modification", value:"2019-05-14 05:04:40 +0000 (Tue, 14 May 2019)");
script_tag(name:"creation_date", value:"2019-05-07 02:23:45 +0000 (Tue, 07 May 2019)");
script_name("Fedora Update for file FEDORA-2019-15f5147b27");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2019 Greenbone Networks GmbH");
script_family("Fedora Local Security Checks");
script_dependencies("gather-package-list.nasl");
# Requires the ssh/login/* keys and a release of FC29.
# NOTE(review): these keys are presumably only set after an authenticated SSH
# login by gather-package-list.nasl, so no result from an unauthenticated scan
# says nothing about patch state - confirm against the scan configuration.
script_mandatory_keys("ssh/login/fedora", "ssh/login/rpms", re:"ssh/login/release=FC29");
script_xref(name:"FEDORA", value:"2019-15f5147b27");
script_xref(name:"URL", value:"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4JG7FM7W3R4C4P5R4PFNBYEGTQHASG2O");
script_tag(name:"summary", value:"The remote host is missing an update for the 'file'
package(s) announced via the FEDORA-2019-15f5147b27 advisory.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");
# The insight text below is the generic package description from the advisory;
# it does not describe the vulnerabilities themselves (see the CVE ids above).
script_tag(name:"insight", value:"The file command is used to identify a particular file according to the
type of data contained by the file. File can identify many different
file types, including ELF binaries, system libraries, RPM packages, and
different graphics formats.");
script_tag(name:"affected", value:"'file' package(s) on Fedora 29.");
script_tag(name:"solution", value:"Please install the updated package(s).");
script_tag(name:"solution_type", value:"VendorFix");
# qod_type "package": the verdict comes from the installed package version,
# not from exercising the flaw on the target.
script_tag(name:"qod_type", value:"package");
# Stop here in metadata mode; the detection logic is outside this branch.
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-rpm.inc");
# Detection logic: compare the installed 'file' RPM against the fixed build
# named in the advisory (file-5.34-12.fc29) and report when it is older.

# Release identifier as returned by rpm_get_ssh_release(); without one there
# is nothing to compare against, so finish silently.
release = rpm_get_ssh_release();
if(!release)
  exit(0);

res = "";
report = "";

# This check applies to Fedora 29 only; any other release ends without a result.
if(release != "FC29")
  exit(0);

# A non-NULL return from isrpmvuln() is treated as the report text.
# NOTE(review): presumably NULL means the package is absent or already at or
# above the fixed build - confirm against pkg-lib-rpm.inc.
res = isrpmvuln(pkg:"file", rpm:"file~5.34~12.fc29", rls:"FC29");
if(!isnull(res)) {
  report += res;
}

if(report != "") {
  # Outdated package found: raise the finding with the collected text.
  security_message(data:report);
} else if(__pkg_match) {
  # __pkg_match is not assigned in this file (presumably set by the package
  # library when the package was seen); 99 is the scanner's exit code for
  # "checked and not vulnerable".
  exit(99);
}

exit(0);
{"id": "OPENVAS:1361412562310875844", "type": "openvas", "bulletinFamily": "scanner", "title": "Fedora Update for file FEDORA-2019-15f5147b27", "description": "The remote host is missing an update for the ", "published": "2019-05-07T00:00:00", "modified": "2019-05-14T00:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310875844", "reporter": "Copyright (C) 2019 Greenbone Networks GmbH", "references": ["2019-15f5147b27", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4JG7FM7W3R4C4P5R4PFNBYEGTQHASG2O"], "cvelist": ["CVE-2019-8906", "CVE-2019-8905", "CVE-2019-8907", "CVE-2019-8904"], "lastseen": "2019-05-29T18:32:13", "viewCount": 44, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2019-8907", "CVE-2019-8905", "CVE-2019-8906", "CVE-2019-8904"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310875507", "OPENVAS:1361412562310852347", "OPENVAS:1361412562310876983", "OPENVAS:1361412562310852422", "OPENVAS:1361412562310843936", "OPENVAS:1361412562310891698"]}, {"type": "nessus", "idList": ["PHOTONOS_PHSA-2020-3_0-0080_FILE.NASL", "FEDORA_2019-15F5147B27.NASL", "EULEROS_SA-2020-1845.NASL", "SUSE_SU-2019-0571-1.NASL", "ALA_ALAS-2019-1186.NASL", "FEDORA_2019-C90F32A130.NASL", "EULEROS_SA-2020-2038.NASL", "PHOTONOS_PHSA-2020-2_0-0228_FILE.NASL", "PHOTONOS_PHSA-2020-1_0-0289_FILE.NASL", "UBUNTU_USN-3911-1.NASL"]}, {"type": "fedora", "idList": ["FEDORA:D207A6014BBC", "FEDORA:26C926022BC9", "FEDORA:AFD5E606ED5A"]}, {"type": "ubuntu", "idList": ["USN-3911-1"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:CD634A7F3BAB77501CC15DE114C23139", "CFOUNDRY:29F51970A6B8E7F72EFC2B6288D78B89"]}, {"type": "amazon", "idList": ["ALAS-2019-1186"]}, {"type": "archlinux", "idList": ["ASA-201903-5"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2019:1197-1", "OPENSUSE-SU-2019:0345-1"]}, {"type": "slackware", "idList": 
["SSA-2019-054-01"]}, {"type": "debian", "idList": ["DEBIAN:DLA-1698-1:624A5"]}, {"type": "apple", "idList": ["APPLE:HT209599", "APPLE:HT209602", "APPLE:HT209601", "APPLE:HT209600"]}], "modified": "2019-05-29T18:32:13", "rev": 2}, "score": {"value": 6.2, "vector": "NONE", "modified": "2019-05-29T18:32:13", "rev": 2}, "vulnersScore": 6.2}, "pluginID": "1361412562310875844", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.875844\");\n script_version(\"2019-05-14T05:04:40+0000\");\n script_cve_id(\"CVE-2019-8907\", \"CVE-2019-8905\", \"CVE-2019-8904\", \"CVE-2019-8906\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-05-14 05:04:40 +0000 (Tue, 14 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-05-07 02:23:45 +0000 (Tue, 07 May 2019)\");\n script_name(\"Fedora Update for file FEDORA-2019-15f5147b27\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC29\");\n\n script_xref(name:\"FEDORA\", value:\"2019-15f5147b27\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4JG7FM7W3R4C4P5R4PFNBYEGTQHASG2O\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'file'\n package(s) announced via the FEDORA-2019-15f5147b27 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The file command is used to identify a particular file according to the\ntype of data contained by the file. 
File can identify many different\nfile types, including ELF binaries, system libraries, RPM packages, and\ndifferent graphics formats.\");\n\n script_tag(name:\"affected\", value:\"'file' package(s) on Fedora 29.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC29\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"file\", rpm:\"file~5.34~12.fc29\", rls:\"FC29\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "naslFamily": "Fedora Local Security Checks"}
{"cve": [{"lastseen": "2021-02-02T07:13:06", "description": "do_core_note in readelf.c in libmagic.a in file 5.35 has an out-of-bounds read because memcpy is misused.", "edition": 10, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2019-02-18T17:29:00", "title": "CVE-2019-8906", "type": "cve", "cwe": ["CWE-125"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-8906"], "modified": "2019-04-16T16:01:00", "cpe": ["cpe:/o:opensuse:leap:15.0", "cpe:/o:canonical:ubuntu_linux:18.04", "cpe:/o:canonical:ubuntu_linux:18.10", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:opensuse:leap:42.3", "cpe:/a:file_project:file:5.35"], "id": "CVE-2019-8906", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8906", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*", "cpe:2.3:a:file_project:file:5.35:*:*:*:*:*:*:*"]}, 
{"lastseen": "2021-02-02T07:13:06", "description": "do_core_note in readelf.c in libmagic.a in file 5.35 allows remote attackers to cause a denial of service (stack corruption and application crash) or possibly have unspecified other impact.", "edition": 5, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2019-02-18T17:29:00", "title": "CVE-2019-8907", "type": "cve", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-8907"], "modified": "2020-08-24T17:37:00", "cpe": ["cpe:/o:opensuse:leap:15.0", "cpe:/o:canonical:ubuntu_linux:18.04", "cpe:/o:debian:debian_linux:8.0", "cpe:/o:canonical:ubuntu_linux:18.10", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/a:file_project:file:5.35"], "id": "CVE-2019-8907", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8907", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", 
"cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*", "cpe:2.3:a:file_project:file:5.35:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T07:13:06", "description": "do_bid_note in readelf.c in libmagic.a in file 5.35 has a stack-based buffer over-read, related to file_printf and file_vprintf.", "edition": 4, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2019-02-18T17:29:00", "title": "CVE-2019-8904", "type": "cve", "cwe": ["CWE-125"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-8904"], "modified": "2019-03-26T17:46:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:18.04", "cpe:/o:canonical:ubuntu_linux:18.10", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/a:file_project:file:5.35"], "id": "CVE-2019-8904", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8904", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*", "cpe:2.3:a:file_project:file:5.35:*:*:*:*:*:*:*"]}, {"lastseen": 
"2021-02-02T07:13:06", "description": "do_core_note in readelf.c in libmagic.a in file 5.35 has a stack-based buffer over-read, related to file_printable, a different vulnerability than CVE-2018-10360.", "edition": 4, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2019-02-18T17:29:00", "title": "CVE-2019-8905", "type": "cve", "cwe": ["CWE-125"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-8905"], "modified": "2019-04-12T12:29:00", "cpe": ["cpe:/o:opensuse:leap:15.0", "cpe:/o:canonical:ubuntu_linux:18.04", "cpe:/o:debian:debian_linux:8.0", "cpe:/o:canonical:ubuntu_linux:18.10", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/a:file_project:file:5.35"], "id": "CVE-2019-8905", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8905", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*", 
"cpe:2.3:a:file_project:file:5.35:*:*:*:*:*:*:*"]}], "ubuntu": [{"lastseen": "2020-07-02T11:34:19", "bulletinFamily": "unix", "cvelist": ["CVE-2019-8906", "CVE-2019-8905", "CVE-2019-8907", "CVE-2019-8904"], "description": "It was discovered that file incorrectly handled certain malformed ELF \nfiles. An attacker could use this issue to cause a denial of service, or \npossibly execute arbitrary code.", "edition": 3, "modified": "2019-03-18T00:00:00", "published": "2019-03-18T00:00:00", "id": "USN-3911-1", "href": "https://ubuntu.com/security/notices/USN-3911-1", "title": "file vulnerabilities", "type": "ubuntu", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "fedora": [{"lastseen": "2020-12-21T08:17:55", "bulletinFamily": "unix", "cvelist": ["CVE-2019-8904", "CVE-2019-8905", "CVE-2019-8906", "CVE-2019-8907"], "description": "The file command is used to identify a particular file according to the type of data contained by the file. File can identify many different file types, including ELF binaries, system libraries, RPM packages, and different graphics formats. ", "modified": "2019-03-01T02:41:25", "published": "2019-03-01T02:41:25", "id": "FEDORA:D207A6014BBC", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 29 Update: file-5.34-12.fc29", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:55", "bulletinFamily": "unix", "cvelist": ["CVE-2019-1821", "CVE-2019-18218", "CVE-2019-8904", "CVE-2019-8905", "CVE-2019-8906", "CVE-2019-8907"], "description": "The file command is used to identify a particular file according to the type of data contained by the file. File can identify many different file types, including ELF binaries, system libraries, RPM packages, and different graphics formats. 
", "modified": "2019-11-10T01:07:35", "published": "2019-11-10T01:07:35", "id": "FEDORA:AFD5E606ED5A", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 29 Update: file-5.34-15.fc29", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:55", "bulletinFamily": "unix", "cvelist": ["CVE-2018-10360", "CVE-2019-8905", "CVE-2019-8906", "CVE-2019-8907"], "description": "The file command is used to identify a particular file according to the type of data contained by the file. File can identify many different file types, including ELF binaries, system libraries, RPM packages, and different graphics formats. ", "modified": "2019-03-12T21:44:56", "published": "2019-03-12T21:44:56", "id": "FEDORA:26C926022BC9", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 28 Update: file-5.33-10.fc28", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "openvas": [{"lastseen": "2019-05-29T18:32:24", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-8906", "CVE-2019-8905", "CVE-2019-8907", "CVE-2019-8904"], "description": "The remote host is missing an update for the ", "modified": "2019-03-19T00:00:00", "published": "2019-03-19T00:00:00", "id": "OPENVAS:1361412562310843936", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843936", "type": "openvas", "title": "Ubuntu Update for file USN-3911-1", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied 
warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843936\");\n script_version(\"$Revision: 14312 $\");\n script_cve_id(\"CVE-2019-8904\", \"CVE-2019-8905\", \"CVE-2019-8906\", \"CVE-2019-8907\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-19 11:46:59 +0100 (Tue, 19 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2019-03-19 04:09:58 +0100 (Tue, 19 Mar 2019)\");\n script_name(\"Ubuntu Update for file USN-3911-1\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(18\\.04 LTS|18\\.10|16\\.04 LTS)\");\n\n script_xref(name:\"USN\", value:\"3911-1\");\n script_xref(name:\"URL\", value:\"https://lists.ubuntu.com/archives/ubuntu-security-announce/2019-March/004805.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'file'\n package(s) announced via the USN-3911-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"It was discovered that file incorrectly handled certain malformed ELF\nfiles. 
An attacker could use this issue to cause a denial of service, or\npossibly execute arbitrary code.\");\n\n script_tag(name:\"affected\", value:\"file on Ubuntu 18.10,\n Ubuntu 18.04 LTS,\n Ubuntu 16.04 LTS.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU18.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"file\", ver:\"1:5.32-2ubuntu0.2\", rls:\"UBUNTU18.04 LTS\", remove_arch:TRUE )) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libmagic1\", ver:\"1:5.32-2ubuntu0.2\", rls:\"UBUNTU18.04 LTS\", remove_arch:TRUE )) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU18.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"file\", ver:\"1:5.34-2ubuntu0.1\", rls:\"UBUNTU18.10\", remove_arch:TRUE )) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libmagic1\", ver:\"1:5.34-2ubuntu0.1\", rls:\"UBUNTU18.10\", remove_arch:TRUE )) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU16.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"file\", ver:\"1:5.25-2ubuntu1.2\", rls:\"UBUNTU16.04 LTS\", remove_arch:TRUE )) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libmagic1\", ver:\"1:5.25-2ubuntu1.2\", rls:\"UBUNTU16.04 LTS\", remove_arch:TRUE )) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-11-13T19:28:50", "bulletinFamily": "scanner", "cvelist": 
["CVE-2019-8906", "CVE-2019-18218", "CVE-2019-8905", "CVE-2019-8907", "CVE-2019-8904"], "description": "The remote host is missing an update for the ", "modified": "2019-11-13T00:00:00", "published": "2019-11-10T00:00:00", "id": "OPENVAS:1361412562310876983", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310876983", "type": "openvas", "title": "Fedora Update for file FEDORA-2019-18036b898e", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.876983\");\n script_version(\"2019-11-13T08:06:35+0000\");\n script_cve_id(\"CVE-2019-18218\", \"CVE-2019-8907\", \"CVE-2019-8905\", \"CVE-2019-8904\", \"CVE-2019-8906\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-11-13 08:06:35 +0000 (Wed, 13 Nov 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-11-10 03:24:47 +0000 (Sun, 10 Nov 2019)\");\n script_name(\"Fedora Update for file FEDORA-2019-18036b898e\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC29\");\n\n script_xref(name:\"FEDORA\", value:\"2019-18036b898e\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D6BJVGXSCC6NMIAWX36FPWHEIFON3OSE\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'file'\n package(s) announced via the FEDORA-2019-18036b898e advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The file command is used to identify a particular file according to the\ntype of data contained by the file. 
File can identify many different\nfile types, including ELF binaries, system libraries, RPM packages, and\ndifferent graphics formats.\");\n\n script_tag(name:\"affected\", value:\"'file' package(s) on Fedora 29.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC29\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"file\", rpm:\"file~5.34~15.fc29\", rls:\"FC29\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:32:12", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-8906", "CVE-2018-10360", "CVE-2019-8905", "CVE-2019-8907"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310875507", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310875507", "type": "openvas", "title": "Fedora Update for file FEDORA-2019-c90f32a130", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the 
implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.875507\");\n script_version(\"$Revision: 14223 $\");\n script_cve_id(\"CVE-2019-8907\", \"CVE-2019-8905\", \"CVE-2019-8906\", \"CVE-2018-10360\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2019-03-13 04:13:33 +0100 (Wed, 13 Mar 2019)\");\n script_name(\"Fedora Update for file FEDORA-2019-c90f32a130\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC28\");\n\n script_xref(name:\"FEDORA\", value:\"2019-c90f32a130\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5DKJLTXLQCKG4GQNC5JUDGVGAJAJJ2K3\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'file'\n package(s) announced via the FEDORA-2019-c90f32a130 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"affected\", value:\"file on Fedora 28.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n 
script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC28\")\n{\n\n if ((res = isrpmvuln(pkg:\"file\", rpm:\"file~5.33~10.fc28\", rls:\"FC28\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-31T16:47:36", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-8906", "CVE-2018-10360", "CVE-2019-8905", "CVE-2019-8907"], "description": "The remote host is missing an update for the ", "modified": "2020-01-31T00:00:00", "published": "2019-03-19T00:00:00", "id": "OPENVAS:1361412562310852347", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310852347", "type": "openvas", "title": "openSUSE: Security Advisory for file (openSUSE-SU-2019:0345-1)", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.852347\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_cve_id(\"CVE-2018-10360\", \"CVE-2019-8905\", \"CVE-2019-8906\", \"CVE-2019-8907\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-03-19 04:10:11 +0100 (Tue, 19 Mar 2019)\");\n script_name(\"openSUSE: Security Advisory for file (openSUSE-SU-2019:0345-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap15\\.0\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2019:0345-1\");\n script_xref(name:\"URL\", value:\"https://lists.opensuse.org/opensuse-security-announce/2019-03/msg00027.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'file'\n package(s) announced via the openSUSE-SU-2019:0345-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for file fixes the following issues:\n\n The following security vulnerabilities were addressed:\n\n - CVE-2018-10360: Fixed an out-of-bounds read in the function do_core_note\n in readelf.c, which allowed remote attackers to cause a denial of\n service (application crash) via a crafted ELF 
file (bsc#1096974)\n\n - CVE-2019-8905: Fixed a stack-based buffer over-read in do_core_note in\n readelf.c (bsc#1126118)\n\n - CVE-2019-8906: Fixed an out-of-bounds read in do_core_note in readelf.c\n (bsc#1126119)\n\n - CVE-2019-8907: Fixed a stack corruption in do_core_note in readelf.c\n (bsc#1126117)\n\n This update was imported from the SUSE:SLE-15:Update update project.\n\n Patch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended\n installation methods\n like YaST online_update or 'zypper patch'.\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.0:\n\n zypper in -t patch openSUSE-2019-345=1\");\n\n script_tag(name:\"affected\", value:\"file on openSUSE Leap 15.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap15.0\") {\n if(!isnull(res = isrpmvuln(pkg:\"file\", rpm:\"file~5.32~lp150.6.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"file-debuginfo\", rpm:\"file-debuginfo~5.32~lp150.6.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"file-debugsource\", rpm:\"file-debugsource~5.32~lp150.6.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"file-devel\", rpm:\"file-devel~5.32~lp150.6.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libmagic1\", rpm:\"libmagic1~5.32~lp150.6.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libmagic1-debuginfo\", rpm:\"libmagic1-debuginfo~5.32~lp150.6.3.1\", 
rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python2-magic\", rpm:\"python2-magic~5.32~lp150.6.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python3-magic\", rpm:\"python3-magic~5.32~lp150.6.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"file-devel-32bit\", rpm:\"file-devel-32bit~5.32~lp150.6.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libmagic1-32bit\", rpm:\"libmagic1-32bit~5.32~lp150.6.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libmagic1-32bit-debuginfo\", rpm:\"libmagic1-32bit-debuginfo~5.32~lp150.6.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"file-magic\", rpm:\"file-magic~5.32~lp150.6.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-31T16:49:07", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-8906", "CVE-2018-10360", "CVE-2019-8905", "CVE-2019-8907"], "description": "The remote host is missing an update for the ", "modified": "2020-01-31T00:00:00", "published": "2019-04-13T00:00:00", "id": "OPENVAS:1361412562310852422", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310852422", "type": "openvas", "title": "openSUSE: Security Advisory for file (openSUSE-SU-2019:1197-1)", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as 
published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.852422\");\n script_version(\"2020-01-31T08:04:39+0000\");\n script_cve_id(\"CVE-2018-10360\", \"CVE-2019-8905\", \"CVE-2019-8906\", \"CVE-2019-8907\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:04:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-04-13 02:01:08 +0000 (Sat, 13 Apr 2019)\");\n script_name(\"openSUSE: Security Advisory for file (openSUSE-SU-2019:1197-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap42\\.3\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2019:1197-1\");\n script_xref(name:\"URL\", value:\"https://lists.opensuse.org/opensuse-security-announce/2019-04/msg00053.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'file'\n package(s) announced via the openSUSE-SU-2019:1197-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", 
value:\"This update for file fixes the following issues:\n\n The following security vulnerabilities were addressed:\n\n - Fixed an out-of-bounds read in the function do_core_note in readelf.c,\n which allowed remote attackers to cause a denial of service (application\n crash) via a crafted ELF file (bsc#1096974 CVE-2018-10360).\n\n - CVE-2019-8905: Fixed a stack-based buffer over-read in do_core_note in\n readelf.c (bsc#1126118)\n\n - CVE-2019-8906: Fixed an out-of-bounds read in do_core_note in readelf.c\n (bsc#1126119)\n\n - CVE-2019-8907: Fixed a stack corruption in do_core_note in readelf.c\n (bsc#1126117)\n\n This update was imported from the SUSE:SLE-12:Update update project.\n\n Patch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended\n installation methods\n like YaST online_update or 'zypper patch'.\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 42.3:\n\n zypper in -t patch openSUSE-2019-1197=1\");\n\n script_tag(name:\"affected\", value:\"'file' package(s) on openSUSE Leap 42.3.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap42.3\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"file\", rpm:\"file~5.22~16.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"file-debuginfo\", rpm:\"file-debuginfo~5.22~16.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"file-debugsource\", rpm:\"file-debugsource~5.22~16.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"file-devel\", rpm:\"file-devel~5.22~16.1\", 
rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"file-magic\", rpm:\"file-magic~5.22~16.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libmagic1\", rpm:\"libmagic1~5.22~16.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libmagic1-debuginfo\", rpm:\"libmagic1-debuginfo~5.22~16.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python-magic\", rpm:\"python-magic~5.22~16.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libmagic1-32bit\", rpm:\"libmagic1-32bit~5.22~16.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libmagic1-debuginfo-32bit\", rpm:\"libmagic1-debuginfo-32bit~5.22~16.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-29T19:26:00", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-8905", "CVE-2019-8907"], "description": "Potential buffer over-reads in readelf.c have been found in file,\na popular file type guesser.", "modified": "2020-01-29T00:00:00", "published": "2019-03-01T00:00:00", "id": "OPENVAS:1361412562310891698", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310891698", "type": "openvas", "title": "Debian LTS: Security Advisory for file (DLA-1698-1)", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; 
either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.891698\");\n script_version(\"2020-01-29T08:22:52+0000\");\n script_cve_id(\"CVE-2019-8905\", \"CVE-2019-8907\");\n script_name(\"Debian LTS: Security Advisory for file (DLA-1698-1)\");\n script_tag(name:\"last_modification\", value:\"2020-01-29 08:22:52 +0000 (Wed, 29 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-03-01 00:00:00 +0100 (Fri, 01 Mar 2019)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://lists.debian.org/debian-lts-announce/2019/02/msg00044.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB8\");\n\n script_tag(name:\"affected\", value:\"file on Debian Linux\");\n\n script_tag(name:\"solution\", value:\"For Debian 8 'Jessie', these problems have been fixed in version\n1:5.22+15-2+deb8u5.\n\nWe recommend that you upgrade your file packages.\");\n\n script_tag(name:\"summary\", value:\"Potential buffer over-reads in readelf.c have been found in 
file,\na popular file type guesser.\");\n\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"file\", ver:\"1:5.22+15-2+deb8u5\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"file-dbg\", ver:\"1:5.22+15-2+deb8u5\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libmagic-dev\", ver:\"1:5.22+15-2+deb8u5\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libmagic1\", ver:\"1:5.22+15-2+deb8u5\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"python-magic\", ver:\"1:5.22+15-2+deb8u5\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"python3-magic\", ver:\"1:5.22+15-2+deb8u5\", rls:\"DEB8\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2020-04-30T15:05:25", "description": "An update of the file package has been released.", "edition": 2, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2020-04-28T00:00:00", "title": "Photon OS 1.0: File PHSA-2020-1.0-0289", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-8906", "CVE-2019-8905", "CVE-2019-8907", "CVE-2019-8904"], "modified": "2020-04-28T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:file", "cpe:/o:vmware:photonos:1.0"], "id": "PHOTONOS_PHSA-2020-1_0-0289_FILE.NASL", "href": "https://www.tenable.com/plugins/nessus/136031", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2020-1.0-0289. 
The text\n# itself is copyright (C) VMware, Inc.\n\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(136031);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/04/29\");\n\n script_cve_id(\n \"CVE-2019-8904\",\n \"CVE-2019-8905\",\n \"CVE-2019-8906\",\n \"CVE-2019-8907\"\n );\n script_bugtraq_id(107130, 107137, 107158);\n\n script_name(english:\"Photon OS 1.0: File PHSA-2020-1.0-0289\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the file package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-1.0-289.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-8907\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/02/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/04/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/04/28\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:file\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:1.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n 
script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 1\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 1.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\nif (rpm_check(release:\"PhotonOS-1.0\", cpu:\"x86_64\", reference:\"file-5.38-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", cpu:\"x86_64\", reference:\"file-debuginfo-5.38-1.ph1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"file\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-04-30T07:08:00", "description": "An update of the file package has been released.", "edition": 2, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2020-04-21T00:00:00", "title": "Photon OS 3.0: File PHSA-2020-3.0-0080", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-8906", "CVE-2019-8905", "CVE-2019-8907", "CVE-2019-8904"], "modified": 
"2020-04-21T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:file", "cpe:/o:vmware:photonos:3.0"], "id": "PHOTONOS_PHSA-2020-3_0-0080_FILE.NASL", "href": "https://www.tenable.com/plugins/nessus/135790", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2020-3.0-0080. The text\n# itself is copyright (C) VMware, Inc.\n\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(135790);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/04/23\");\n\n script_cve_id(\n \"CVE-2019-8904\",\n \"CVE-2019-8905\",\n \"CVE-2019-8906\",\n \"CVE-2019-8907\"\n );\n script_bugtraq_id(107130, 107137, 107158);\n\n script_name(english:\"Photon OS 3.0: File PHSA-2020-3.0-0080\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the file package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-3.0-80.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-8907\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/02/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/04/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", 
value:\"2020/04/21\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:file\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:3.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 3\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 3.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\nif (rpm_check(release:\"PhotonOS-3.0\", cpu:\"x86_64\", reference:\"file-5.38-1.ph3\")) flag++;\nif (rpm_check(release:\"PhotonOS-3.0\", cpu:\"x86_64\", reference:\"file-debuginfo-5.38-1.ph3\")) flag++;\nif (rpm_check(release:\"PhotonOS-3.0\", cpu:\"x86_64\", reference:\"file-devel-5.38-1.ph3\")) flag++;\nif (rpm_check(release:\"PhotonOS-3.0\", cpu:\"x86_64\", reference:\"file-libs-5.38-1.ph3\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if 
(tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"file\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-03-01T07:38:25", "description": "It was discovered that file incorrectly handled certain malformed ELF\nfiles. An attacker could use this issue to cause a denial of service,\nor possibly execute arbitrary code.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 19, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2019-03-19T00:00:00", "title": "Ubuntu 16.04 LTS / 18.04 LTS / 18.10 : file vulnerabilities (USN-3911-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-8906", "CVE-2019-8905", "CVE-2019-8907", "CVE-2019-8904"], "modified": "2021-03-02T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:libmagic1", "cpe:/o:canonical:ubuntu_linux:18.10", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:canonical:ubuntu_linux:18.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:file"], "id": "UBUNTU_USN-3911-1.NASL", "href": "https://www.tenable.com/plugins/nessus/122946", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3911-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. 
Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(122946);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2020/02/04\");\n\n script_cve_id(\"CVE-2019-8904\", \"CVE-2019-8905\", \"CVE-2019-8906\", \"CVE-2019-8907\");\n script_xref(name:\"USN\", value:\"3911-1\");\n\n script_name(english:\"Ubuntu 16.04 LTS / 18.04 LTS / 18.10 : file vulnerabilities (USN-3911-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that file incorrectly handled certain malformed ELF\nfiles. An attacker could use this issue to cause a denial of service,\nor possibly execute arbitrary code.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3911-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected file and / or libmagic1 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:file\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libmagic1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/02/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/03/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/03/19\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2019-2020 Canonical, Inc. / NASL script (C) 2019-2020 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(16\\.04|18\\.04|18\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 16.04 / 18.04 / 18.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"16.04\", pkgname:\"file\", pkgver:\"1:5.25-2ubuntu1.2\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"libmagic1\", pkgver:\"1:5.25-2ubuntu1.2\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"file\", pkgver:\"1:5.32-2ubuntu0.2\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"libmagic1\", pkgver:\"1:5.32-2ubuntu0.2\")) flag++;\nif (ubuntu_check(osver:\"18.10\", pkgname:\"file\", pkgver:\"1:5.34-2ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"18.10\", pkgname:\"libmagic1\", pkgver:\"1:5.34-2ubuntu0.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"file / libmagic1\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-04-30T07:07:55", "description": "An update 
of the file package has been released.", "edition": 2, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2020-04-22T00:00:00", "title": "Photon OS 2.0: File PHSA-2020-2.0-0228", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-8906", "CVE-2019-8905", "CVE-2019-8907", "CVE-2019-8904"], "modified": "2020-04-22T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:file", "cpe:/o:vmware:photonos:2.0"], "id": "PHOTONOS_PHSA-2020-2_0-0228_FILE.NASL", "href": "https://www.tenable.com/plugins/nessus/135863", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2020-2.0-0228. The text\n# itself is copyright (C) VMware, Inc.\n\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(135863);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/04/23\");\n\n script_cve_id(\n \"CVE-2019-8904\",\n \"CVE-2019-8905\",\n \"CVE-2019-8906\",\n \"CVE-2019-8907\"\n );\n script_bugtraq_id(107130, 107137, 107158);\n\n script_name(english:\"Photon OS 2.0: File PHSA-2020-2.0-0228\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the file package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-2-228.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", 
value:\"CVE-2019-8907\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/02/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/04/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/04/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:file\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:2.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 2.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\nif (rpm_check(release:\"PhotonOS-2.0\", cpu:\"x86_64\", reference:\"file-5.38-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", cpu:\"x86_64\", reference:\"file-debuginfo-5.38-1.ph2\")) flag++;\nif 
(rpm_check(release:\"PhotonOS-2.0\", cpu:\"x86_64\", reference:\"file-devel-5.38-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", cpu:\"x86_64\", reference:\"file-libs-5.38-1.ph2\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"file\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-03-01T02:33:19", "description": " - CVE-2019-8907 - remote denial of service in do_core_note\n in readelf.c\n\n - CVE-2019-8905 - stack-based buffer over-read in\n do_core_note in readelf.c\n\n - CVE-2019-8904 - stack-based buffer over-read in\n do_bid_note in readelf.c\n\n - CVE-2019-8906 - out-of-bounds read in do_core_note in\n readelf.c\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 19, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2019-03-01T00:00:00", "title": "Fedora 29 : file (2019-15f5147b27)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-8906", "CVE-2019-8905", "CVE-2019-8907", "CVE-2019-8904"], "modified": "2021-03-02T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:29", "p-cpe:/a:fedoraproject:fedora:file"], "id": "FEDORA_2019-15F5147B27.NASL", "href": "https://www.tenable.com/plugins/nessus/122520", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2019-15f5147b27.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(122520);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 
2020/02/07\");\n\n script_cve_id(\"CVE-2019-8904\", \"CVE-2019-8905\", \"CVE-2019-8906\", \"CVE-2019-8907\");\n script_xref(name:\"FEDORA\", value:\"2019-15f5147b27\");\n\n script_name(english:\"Fedora 29 : file (2019-15f5147b27)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - CVE-2019-8907 - remote denial of service in do_core_note\n in readelf.c\n\n - CVE-2019-8905 - stack-based buffer over-read in\n do_core_note in readelf.c\n\n - CVE-2019-8904 - stack-based buffer over-read in\n do_bid_note in readelf.c\n\n - CVE-2019-8906 - out-of-bounds read in do_core_note in\n readelf.c\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2019-15f5147b27\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected file package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:file\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:29\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/02/18\");\n 
script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/03/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/03/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^29([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 29\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC29\", reference:\"file-5.34-12.fc29\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"file\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-07T09:06:15", "description": "According to the versions of the file packages installed, the EulerOS\nVirtualization for ARM 64 installation on the remote host is affected\nby the following vulnerabilities :\n\n - do_core_note in readelf.c in libmagic.a in file 5.35\n allows remote attackers to cause a denial of service\n (stack corruption and application crash) or possibly\n have unspecified other impact.(CVE-2019-8907)\n\n - do_core_note in readelf.c in libmagic.a in file 5.35\n has an out-of-bounds read because memcpy is\n misused.(CVE-2019-8906)\n\n - do_core_note in readelf.c in libmagic.a in file 5.35\n has a stack-based buffer over-read, related to\n file_printable, a different vulnerability than\n CVE-2018-10360.(CVE-2019-8905)\n\n - do_bid_note in readelf.c in libmagic.a in file 5.35 has\n a stack-based buffer over-read, related to file_printf\n and file_vprintf.(CVE-2019-8904)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 4, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2020-09-29T00:00:00", "title": "EulerOS Virtualization for ARM 64 3.0.6.0 : file (EulerOS-SA-2020-2038)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-8906", "CVE-2018-10360", "CVE-2019-8905", "CVE-2019-8907", "CVE-2019-8904"], "modified": "2020-09-29T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:file-libs", "cpe:/o:huawei:euleros:uvp:3.0.6.0", "p-cpe:/a:huawei:euleros:file"], "id": "EULEROS_SA-2020-2038.NASL", "href": "https://www.tenable.com/plugins/nessus/140986", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(140986);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2019-8904\",\n \"CVE-2019-8905\",\n \"CVE-2019-8906\",\n \"CVE-2019-8907\"\n );\n\n script_name(english:\"EulerOS Virtualization for ARM 64 3.0.6.0 : file (EulerOS-SA-2020-2038)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization for ARM 64 host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the file packages installed, the EulerOS\nVirtualization for ARM 64 installation on the remote host is affected\nby the following vulnerabilities :\n\n - do_core_note in readelf.c in libmagic.a in file 5.35\n allows remote attackers to cause a denial of service\n (stack corruption and application crash) or possibly\n have unspecified other impact.(CVE-2019-8907)\n\n - do_core_note in readelf.c in libmagic.a in file 5.35\n has an out-of-bounds 
read because memcpy is\n misused.(CVE-2019-8906)\n\n - do_core_note in readelf.c in libmagic.a in file 5.35\n has a stack-based buffer over-read, related to\n file_printable, a different vulnerability than\n CVE-2018-10360.(CVE-2019-8905)\n\n - do_bid_note in readelf.c in libmagic.a in file 5.35 has\n a stack-based buffer over-read, related to file_printf\n and file_vprintf.(CVE-2019-8904)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-2038\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?1401e7f6\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected file packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/09/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/09/29\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:file\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:file-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.6.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local 
Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.6.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.6.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"file-5.34-3.h5.eulerosv2r8\",\n \"file-libs-5.34-3.h5.eulerosv2r8\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"file\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-07T09:05:40", "description": "According to the versions of the file packages installed, the EulerOS\ninstallation on the remote host is affected by the following\nvulnerabilities :\n\n - do_bid_note in readelf.c in libmagic.a in file 5.35 has\n a stack-based buffer 
over-read, related to file_printf\n and file_vprintf.(CVE-2019-8904)\n\n - do_core_note in readelf.c in libmagic.a in file 5.35\n has a stack-based buffer over-read, related to\n file_printable, a different vulnerability than\n CVE-2018-10360.(CVE-2019-8905)\n\n - do_core_note in readelf.c in libmagic.a in file 5.35\n has an out-of-bounds read because memcpy is\n misused.(CVE-2019-8906)\n\n - do_core_note in readelf.c in libmagic.a in file 5.35\n allows remote attackers to cause a denial of service\n (stack corruption and application crash) or possibly\n have unspecified other impact.(CVE-2019-8907)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 4, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2020-08-28T00:00:00", "title": "EulerOS 2.0 SP8 : file (EulerOS-SA-2020-1845)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-8906", "CVE-2018-10360", "CVE-2019-8905", "CVE-2019-8907", "CVE-2019-8904"], "modified": "2020-08-28T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:file-libs", "p-cpe:/a:huawei:euleros:file", "p-cpe:/a:huawei:euleros:python3-magic", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2020-1845.NASL", "href": "https://www.tenable.com/plugins/nessus/139948", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(139948);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2019-8904\",\n \"CVE-2019-8905\",\n \"CVE-2019-8906\",\n \"CVE-2019-8907\"\n );\n\n script_name(english:\"EulerOS 2.0 SP8 : file (EulerOS-SA-2020-1845)\");\n script_summary(english:\"Checks the rpm output 
for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the file packages installed, the EulerOS\ninstallation on the remote host is affected by the following\nvulnerabilities :\n\n - do_bid_note in readelf.c in libmagic.a in file 5.35 has\n a stack-based buffer over-read, related to file_printf\n and file_vprintf.(CVE-2019-8904)\n\n - do_core_note in readelf.c in libmagic.a in file 5.35\n has a stack-based buffer over-read, related to\n file_printable, a different vulnerability than\n CVE-2018-10360.(CVE-2019-8905)\n\n - do_core_note in readelf.c in libmagic.a in file 5.35\n has an out-of-bounds read because memcpy is\n misused.(CVE-2019-8906)\n\n - do_core_note in readelf.c in libmagic.a in file 5.35\n allows remote attackers to cause a denial of service\n (stack corruption and application crash) or possibly\n have unspecified other impact.(CVE-2019-8907)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1845\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?49a5f026\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected file packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/08/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/08/28\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:file\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:file-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python3-magic\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(8)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP8\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP8\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"file-5.34-3.h5.eulerosv2r8\",\n \"file-libs-5.34-3.h5.eulerosv2r8\",\n \"python3-magic-5.34-3.h5.eulerosv2r8\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"8\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"file\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-03-01T01:23:27", "description": "do_bid_note in readelf.c in libmagic.a has a stack-based 
buffer\nover-read, related to file_printf and file_vprintf. (CVE-2019-8904)\n\ndo_core_note in readelf.c in libmagic.a has a stack-based buffer\nover-read, related to file_printable, a different vulnerability than\nCVE-2018-10360 . (CVE-2019-8905)\n\ndo_core_note in readelf.c in libmagic.a allows remote attackers to\ncause a denial of service (stack corruption and application crash) or\npossibly have unspecified other impact. (CVE-2019-8907)\n\ndo_core_note in readelf.c in libmagic.a has an out-of-bounds read\nbecause memcpy is misused. (CVE-2019-8906)", "edition": 19, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2019-03-26T00:00:00", "title": "Amazon Linux AMI : file (ALAS-2019-1186)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-8906", "CVE-2018-10360", "CVE-2019-8905", "CVE-2019-8907", "CVE-2019-8904"], "modified": "2021-03-02T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:file-devel", "p-cpe:/a:amazon:linux:file", "p-cpe:/a:amazon:linux:python27-magic", "p-cpe:/a:amazon:linux:file-static", "p-cpe:/a:amazon:linux:file-debuginfo", "p-cpe:/a:amazon:linux:file-libs", "p-cpe:/a:amazon:linux:python26-magic", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2019-1186.NASL", "href": "https://www.tenable.com/plugins/nessus/123091", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2019-1186.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(123091);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2020/02/03\");\n\n script_cve_id(\"CVE-2019-8904\", \"CVE-2019-8905\", \"CVE-2019-8906\", \"CVE-2019-8907\");\n script_xref(name:\"ALAS\", value:\"2019-1186\");\n\n script_name(english:\"Amazon Linux AMI : file (ALAS-2019-1186)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote 
Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"do_bid_note in readelf.c in libmagic.a has a stack-based buffer\nover-read, related to file_printf and file_vprintf. (CVE-2019-8904)\n\ndo_core_note in readelf.c in libmagic.a has a stack-based buffer\nover-read, related to file_printable, a different vulnerability than\nCVE-2018-10360 . (CVE-2019-8905)\n\ndo_core_note in readelf.c in libmagic.a allows remote attackers to\ncause a denial of service (stack corruption and application crash) or\npossibly have unspecified other impact. (CVE-2019-8907)\n\ndo_core_note in readelf.c in libmagic.a has an out-of-bounds read\nbecause memcpy is misused. (CVE-2019-8906)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2019-1186.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update file' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:file\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:file-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:file-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:file-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:file-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python26-magic\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:amazon:linux:python27-magic\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/02/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/03/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/03/26\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"file-5.34-3.37.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"file-debuginfo-5.34-3.37.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"file-devel-5.34-3.37.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"file-libs-5.34-3.37.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", 
reference:\"file-static-5.34-3.37.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"python26-magic-5.34-3.37.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"python27-magic-5.34-3.37.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"file / file-debuginfo / file-devel / file-libs / file-static / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-03-01T02:40:00", "description": " - CVE-2019-8907 - remote denial of service in do_core_note\n in readelf.c\n\n - CVE-2019-8905 - stack-based buffer over-read in\n do_core_note in readelf.c\n\n - CVE-2019-8906 - out-of-bounds read in do_core_note in\n readelf.c\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 19, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2019-03-13T00:00:00", "title": "Fedora 28 : file (2019-c90f32a130)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-8906", "CVE-2019-8905", "CVE-2019-8907"], "modified": "2021-03-02T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:file", "cpe:/o:fedoraproject:fedora:28"], "id": "FEDORA_2019-C90F32A130.NASL", "href": "https://www.tenable.com/plugins/nessus/122800", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2019-c90f32a130.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(122800);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 
2020/02/05\");\n\n script_cve_id(\"CVE-2019-8905\", \"CVE-2019-8906\", \"CVE-2019-8907\");\n script_xref(name:\"FEDORA\", value:\"2019-c90f32a130\");\n\n script_name(english:\"Fedora 28 : file (2019-c90f32a130)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - CVE-2019-8907 - remote denial of service in do_core_note\n in readelf.c\n\n - CVE-2019-8905 - stack-based buffer over-read in\n do_core_note in readelf.c\n\n - CVE-2019-8906 - out-of-bounds read in do_core_note in\n readelf.c\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2019-c90f32a130\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected file package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:file\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:28\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/02/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/03/12\");\n 
script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/03/13\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^28([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 28\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC28\", reference:\"file-5.33-10.fc28\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"file\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-20T12:51:03", "description": "This update for file fixes the following issues :\n\nThe following security vulnerabilities were addressed :\n\n - CVE-2018-10360: Fixed an out-of-bounds read in the\n function do_core_note in readelf.c, which allowed remote\n attackers to cause a denial of service (application\n crash) via a crafted ELF file (bsc#1096974)\n\n - CVE-2019-8905: Fixed a stack-based buffer over-read in\n do_core_note in readelf.c (bsc#1126118)\n\n - CVE-2019-8906: Fixed an out-of-bounds read in\n do_core_note in readelf. 
c (bsc#1126119)\n\n - CVE-2019-8907: Fixed a stack corruption in do_core_note\n in readelf.c (bsc#1126117)\n\nThis update was imported from the SUSE:SLE-15:Update update project.", "edition": 15, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2019-03-19T00:00:00", "title": "openSUSE Security Update : file (openSUSE-2019-345)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-8906", "CVE-2018-10360", "CVE-2019-8905", "CVE-2019-8907"], "modified": "2019-03-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libmagic1", "p-cpe:/a:novell:opensuse:python2-magic", "p-cpe:/a:novell:opensuse:file-devel", "p-cpe:/a:novell:opensuse:libmagic1-debuginfo", "cpe:/o:novell:opensuse:15.0", "p-cpe:/a:novell:opensuse:file-devel-32bit", "p-cpe:/a:novell:opensuse:libmagic1-32bit-debuginfo", "p-cpe:/a:novell:opensuse:file-debugsource", "p-cpe:/a:novell:opensuse:file", "p-cpe:/a:novell:opensuse:libmagic1-32bit", "p-cpe:/a:novell:opensuse:file-magic", "p-cpe:/a:novell:opensuse:file-debuginfo", "p-cpe:/a:novell:opensuse:python3-magic"], "id": "OPENSUSE-2019-345.NASL", "href": "https://www.tenable.com/plugins/nessus/122942", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2019-345.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(122942);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2018-10360\", \"CVE-2019-8905\", \"CVE-2019-8906\", \"CVE-2019-8907\");\n\n script_name(english:\"openSUSE Security Update : file (openSUSE-2019-345)\");\n script_summary(english:\"Check for the openSUSE-2019-345 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE 
host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for file fixes the following issues :\n\nThe following security vulnerabilities were addressed :\n\n - CVE-2018-10360: Fixed an out-of-bounds read in the\n function do_core_note in readelf.c, which allowed remote\n attackers to cause a denial of service (application\n crash) via a crafted ELF file (bsc#1096974)\n\n - CVE-2019-8905: Fixed a stack-based buffer over-read in\n do_core_note in readelf.c (bsc#1126118)\n\n - CVE-2019-8906: Fixed an out-of-bounds read in\n do_core_note in readelf. c (bsc#1126119)\n\n - CVE-2019-8907: Fixed a stack corruption in do_core_note\n in readelf.c (bsc#1126117)\n\nThis update was imported from the SUSE:SLE-15:Update update project.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1096974\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1096984\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1126117\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1126118\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1126119\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected file packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:opensuse:file\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:file-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:file-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:file-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:file-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:file-magic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmagic1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmagic1-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmagic1-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmagic1-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python2-magic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python3-magic\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/06/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/03/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/03/19\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.0)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.0\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.0\", reference:\"file-5.32-lp150.6.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"file-debuginfo-5.32-lp150.6.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"file-debugsource-5.32-lp150.6.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"file-devel-5.32-lp150.6.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"file-magic-5.32-lp150.6.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libmagic1-5.32-lp150.6.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libmagic1-debuginfo-5.32-lp150.6.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"python2-magic-5.32-lp150.6.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"python3-magic-5.32-lp150.6.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"file-devel-32bit-5.32-lp150.6.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", 
reference:\"libmagic1-32bit-5.32-lp150.6.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"libmagic1-32bit-debuginfo-5.32-lp150.6.3.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"file / file-debuginfo / file-debugsource / file-devel-32bit / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "cloudfoundry": [{"lastseen": "2020-06-25T01:27:07", "bulletinFamily": "software", "cvelist": ["CVE-2019-8906", "CVE-2019-8905", "CVE-2019-8907", "CVE-2019-8904"], "description": "# \n\n## Severity\n\nMedium\n\n## Vendor\n\nCanonical Ubuntu\n\n## Versions Affected\n\n * Canonical Ubuntu 16.04\n * Canonical Ubuntu 18.04\n\n## Description\n\nUSN-3911-1 fixed vulnerabilities in file. One of the backported security fixes introduced a regression that caused the interpreter string to be truncated. This update fixes the problem.\n\nWe apologize for the inconvenience.\n\nOriginal advisory details:\n\nIt was discovered that file incorrectly handled certain malformed ELF files. 
An attacker could use this issue to cause a denial of service, or possibly execute arbitrary code.\n\nCVEs contained in this USN include: CVE-2019-8904, CVE-2019-8905, CVE-2019-8906, CVE-2019-8907.\n\n## Affected Cloud Foundry Products and Versions\n\n_Severity is medium unless otherwise noted._\n\n * cflinuxfs3 \n * All versions prior to 0.179.0\n * Xenial Stemcells \n * 170.x versions prior to 170.220\n * 250.x versions prior to 250.199\n * 315.x versions prior to 315.184\n * 456.x versions prior to 456.113\n * 621.x versions prior to 621.75\n * All other stemcells not listed.\n * CF Deployment \n * All versions prior to v13.5.0\n\n## Mitigation\n\nUsers of affected products are strongly encouraged to follow the mitigations below. The Cloud Foundry project recommends upgrading the following releases:\n\n * cflinuxfs3 \n * Upgrade All versions to 0.179.0 or greater\n * Xenial Stemcells \n * Upgrade 170.x versions to 170.220 or greater\n * Upgrade 250.x versions to 250.199 or greater\n * Upgrade 315.x versions to 315.184 or greater\n * Upgrade 456.x versions to 456.113 or greater\n * Upgrade 621.x versions to 621.75 or greater\n * All other stemcells should be upgraded to the latest version available on [bosh.io](<https://bosh.io/stemcells>).\n * CF Deployment \n * Upgrade All versions to v13.5.0 or greater\n\n## References\n\n * [USN Notice](<https://usn.ubuntu.com/3911-2/>)\n * [CVE-2019-8904](<https://people.canonical.com/~ubuntu-security/cve/CVE-2019-8904>)\n * [CVE-2019-8905](<https://people.canonical.com/~ubuntu-security/cve/CVE-2019-8905>)\n * [CVE-2019-8906](<https://people.canonical.com/~ubuntu-security/cve/CVE-2019-8906>)\n * [CVE-2019-8907](<https://people.canonical.com/~ubuntu-security/cve/CVE-2019-8907>)\n\n## History\n\n2020-05-13: Initial vulnerability report published.\n", "edition": 1, "modified": "2020-06-24T00:00:00", "published": "2020-06-24T00:00:00", "id": "CFOUNDRY:CD634A7F3BAB77501CC15DE114C23139", "href": 
"https://www.cloudfoundry.org/blog/usn-3911-2/", "title": "USN-3911-2: file regression | Cloud Foundry", "type": "cloudfoundry", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:32:41", "bulletinFamily": "software", "cvelist": ["CVE-2019-8906", "CVE-2019-8905", "CVE-2019-8907", "CVE-2019-8904"], "description": "# \n\n# Severity\n\nMedium\n\n# Vendor\n\nCanonical Ubuntu\n\n# Versions Affected\n\n * Canonical Ubuntu 16.04\n * Canonical Ubuntu 18.04\n\n# Description\n\nIt was discovered that file incorrectly handled certain malformed ELF files. An attacker could use this issue to cause a denial of service, or possibly execute arbitrary code.\n\nCVEs contained in this USN include: CVE-2019-8904, CVE-2019-8905, CVE-2019-8906, CVE-2019-8907\n\n# Affected Cloud Foundry Products and Versions\n\n_Severity is medium unless otherwise noted._\n\n * Cloud Foundry BOSH xenial-stemcells are vulnerable, including: \n * 250.x versions prior to 250.23\n * 170.x versions prior to 170.43\n * 97.x versions prior to 97.71\n * All other stemcells not listed.\n * All versions of Cloud Foundry cflinuxfs3 prior to 0.72.0\n\n# Mitigation\n\nUsers of affected products are strongly encouraged to follow one of the mitigations below:\n\n * The Cloud Foundry project recommends upgrading the following BOSH xenial-stemcells: \n * Upgrade 250.x versions to 250.23\n * Upgrade 170.x versions to 170.43\n * Upgrade 97.x versions to 97.71\n * All other stemcells should be upgraded to the latest version available on [bosh.io](<https://bosh.io/stemcells/#ubuntu-xenial>).\n * The Cloud Foundry project recommends that Cloud Foundry deployments run with cflinuxfs3 version 0.72.0 or later.\n\n# References\n\n * [USN-3911-1](<https://usn.ubuntu.com/3911-1>)\n * [CVE-2019-8904](<https://people.canonical.com/~ubuntu-security/cve/CVE-2019-8904>)\n * [CVE-2019-8905](<https://people.canonical.com/~ubuntu-security/cve/CVE-2019-8905>)\n * 
[CVE-2019-8906](<https://people.canonical.com/~ubuntu-security/cve/CVE-2019-8906>)\n * [CVE-2019-8907](<https://people.canonical.com/~ubuntu-security/cve/CVE-2019-8907>)\n", "edition": 2, "modified": "2019-03-26T00:00:00", "published": "2019-03-26T00:00:00", "id": "CFOUNDRY:29F51970A6B8E7F72EFC2B6288D78B89", "href": "https://www.cloudfoundry.org/blog/usn-3911-1/", "title": "USN-3911-1: file vulnerabilities | Cloud Foundry", "type": "cloudfoundry", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "archlinux": [{"lastseen": "2020-09-22T18:36:40", "bulletinFamily": "unix", "cvelist": ["CVE-2018-10360", "CVE-2019-8904", "CVE-2019-8905", "CVE-2019-8906", "CVE-2019-8907"], "description": "Arch Linux Security Advisory ASA-201903-5\n=========================================\n\nSeverity: High\nDate : 2019-03-03\nCVE-ID : CVE-2019-8904 CVE-2019-8905 CVE-2019-8906 CVE-2019-8907\nPackage : file\nType : multiple issues\nRemote : Yes\nLink : https://security.archlinux.org/AVG-907\n\nSummary\n=======\n\nThe package file before version 5.36-1 is vulnerable to multiple issues\nincluding information disclosure and denial of service.\n\nResolution\n==========\n\nUpgrade to 5.36-1.\n\n# pacman -Syu \"file>=5.36-1\"\n\nThe problems have been fixed upstream in version 5.36.\n\nWorkaround\n==========\n\nNone.\n\nDescription\n===========\n\n- CVE-2019-8904 (information disclosure)\n\ndo_bid_note in readelf.c in libmagic.a in file 5.35 has a stack-based\nbuffer over-read, related to file_printf and file_vprintf.\n\n- CVE-2019-8905 (information disclosure)\n\ndo_core_note in readelf.c in libmagic.a in file 5.35 has a stack-based\nbuffer over-read, related to file_printable, a different vulnerability\nthan CVE-2018-10360.\n\n- CVE-2019-8906 (information disclosure)\n\ndo_core_note in readelf.c in libmagic.a in file 5.35 has an out-of-\nbounds read because memcpy is misused.\n\n- CVE-2019-8907 (denial of service)\n\ndo_core_note in readelf.c in libmagic.a in file 5.35 allows 
remote\nattackers to cause a denial of service (stack corruption and\napplication crash) or possibly have unspecified other impact.\n\nImpact\n======\n\nA remote attacker is able to display sensitive information within the\nfile process or cause a crash via a crafted ELF file.\n\nReferences\n==========\n\nhttps://bugs.astron.com/view.php?id=62\nhttps://bugs.astron.com/view.php?id=63\nhttps://github.com/file/file/commit/2858eaf99f6cc5aae129bcbf1e24ad160240185f\nhttps://bugs.astron.com/view.php?id=64\nhttps://bugs.astron.com/view.php?id=65\nhttps://security.archlinux.org/CVE-2019-8904\nhttps://security.archlinux.org/CVE-2019-8905\nhttps://security.archlinux.org/CVE-2019-8906\nhttps://security.archlinux.org/CVE-2019-8907", "modified": "2019-03-03T00:00:00", "published": "2019-03-03T00:00:00", "id": "ASA-201903-5", "href": "https://security.archlinux.org/ASA-201903-5", "type": "archlinux", "title": "[ASA-201903-5] file: multiple issues", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "amazon": [{"lastseen": "2020-11-10T12:36:21", "bulletinFamily": "unix", "cvelist": ["CVE-2019-8906", "CVE-2018-10360", "CVE-2019-8905", "CVE-2019-8907", "CVE-2019-8904"], "description": "**Issue Overview:**\n\ndo_bid_note in readelf.c in libmagic.a has a stack-based buffer over-read, related to file_printf and file_vprintf. ([CVE-2019-8904 __](<https://access.redhat.com/security/cve/CVE-2019-8904>))\n\ndo_core_note in readelf.c in libmagic.a has a stack-based buffer over-read, related to file_printable, a different vulnerability than [CVE-2018-10360 __](<https://access.redhat.com/security/cve/CVE-2018-10360>). ([CVE-2019-8905 __](<https://access.redhat.com/security/cve/CVE-2019-8905>))\n\ndo_core_note in readelf.c in libmagic.a allows remote attackers to cause a denial of service (stack corruption and application crash) or possibly have unspecified other impact. 
([CVE-2019-8907 __](<https://access.redhat.com/security/cve/CVE-2019-8907>))\n\ndo_core_note in readelf.c in libmagic.a has an out-of-bounds read because memcpy is misused. ([CVE-2019-8906 __](<https://access.redhat.com/security/cve/CVE-2019-8906>))\n\n \n**Affected Packages:** \n\n\nfile\n\n \n**Issue Correction:** \nRun _yum update file_ to update your system. \n\n\n \n\n\n**New Packages:**\n \n \n i686: \n file-5.34-3.37.amzn1.i686 \n file-devel-5.34-3.37.amzn1.i686 \n file-libs-5.34-3.37.amzn1.i686 \n file-debuginfo-5.34-3.37.amzn1.i686 \n file-static-5.34-3.37.amzn1.i686 \n \n noarch: \n python27-magic-5.34-3.37.amzn1.noarch \n python26-magic-5.34-3.37.amzn1.noarch \n \n src: \n file-5.34-3.37.amzn1.src \n \n x86_64: \n file-static-5.34-3.37.amzn1.x86_64 \n file-devel-5.34-3.37.amzn1.x86_64 \n file-5.34-3.37.amzn1.x86_64 \n file-debuginfo-5.34-3.37.amzn1.x86_64 \n file-libs-5.34-3.37.amzn1.x86_64 \n \n \n", "edition": 4, "modified": "2019-03-21T22:08:00", "published": "2019-03-21T22:08:00", "id": "ALAS-2019-1186", "href": "https://alas.aws.amazon.com/ALAS-2019-1186.html", "title": "Medium: file", "type": "amazon", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "suse": [{"lastseen": "2019-04-12T15:14:16", "bulletinFamily": "unix", "cvelist": ["CVE-2019-8906", "CVE-2018-10360", "CVE-2019-8905", "CVE-2019-8907"], "description": "This update for file fixes the following issues:\n\n The following security vulnerabilities were addressed:\n\n - Fixed an out-of-bounds read in the function do_core_note in readelf.c,\n which allowed remote attackers to cause a denial of service (application\n crash) via a crafted ELF file (bsc#1096974 CVE-2018-10360).\n - CVE-2019-8905: Fixed a stack-based buffer over-read in do_core_note in\n readelf.c (bsc#1126118)\n - CVE-2019-8906: Fixed an out-of-bounds read in do_core_note in readelf. 
c\n (bsc#1126119)\n - CVE-2019-8907: Fixed a stack corruption in do_core_note in readelf.c\n (bsc#1126117)\n\n This update was imported from the SUSE:SLE-12:Update update project.\n\n", "edition": 1, "modified": "2019-04-12T12:39:52", "published": "2019-04-12T12:39:52", "id": "OPENSUSE-SU-2019:1197-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00053.html", "title": "Security update for file (moderate)", "type": "suse", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-03-18T18:20:21", "bulletinFamily": "unix", "cvelist": ["CVE-2019-8906", "CVE-2018-10360", "CVE-2019-8905", "CVE-2019-8907"], "description": "This update for file fixes the following issues:\n\n The following security vulnerabilities were addressed:\n\n - CVE-2018-10360: Fixed an out-of-bounds read in the function do_core_note\n in readelf.c, which allowed remote attackers to cause a denial of\n service (application crash) via a crafted ELF file (bsc#1096974)\n - CVE-2019-8905: Fixed a stack-based buffer over-read in do_core_note in\n readelf.c (bsc#1126118)\n - CVE-2019-8906: Fixed an out-of-bounds read in do_core_note in readelf. 
c\n (bsc#1126119)\n - CVE-2019-8907: Fixed a stack corruption in do_core_note in readelf.c\n (bsc#1126117)\n\n This update was imported from the SUSE:SLE-15:Update update project.\n\n", "edition": 1, "modified": "2019-03-18T15:13:26", "published": "2019-03-18T15:13:26", "id": "OPENSUSE-SU-2019:0345-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00027.html", "title": "Security update for file (moderate)", "type": "suse", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "slackware": [{"lastseen": "2020-10-25T16:36:18", "bulletinFamily": "unix", "cvelist": ["CVE-2019-8906", "CVE-2019-8907"], "description": "New file packages are available for Slackware 14.0, 14.1, 14.2, and -current to\nfix security issues.\n\n\nHere are the details from the Slackware 14.2 ChangeLog:\n\npatches/packages/file-5.36-i586-1_slack14.2.txz: Upgraded.\n Fix out-of-bounds read and denial-of-service security issues:\n For more information, see:\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8906\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8907\n (* Security fix *)\n\nWhere to find the new packages:\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! 
:-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated package for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/file-5.36-i486-1_slack14.0.txz\n\nUpdated package for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/file-5.36-x86_64-1_slack14.0.txz\n\nUpdated package for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/file-5.36-i486-1_slack14.1.txz\n\nUpdated package for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/file-5.36-x86_64-1_slack14.1.txz\n\nUpdated package for Slackware 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/file-5.36-i586-1_slack14.2.txz\n\nUpdated package for Slackware x86_64 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/file-5.36-x86_64-1_slack14.2.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/file-5.36-i586-1.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/file-5.36-x86_64-1.txz\n\n\nMD5 signatures:\n\nSlackware 14.0 package:\nd774a800d99acb0ad52f312ed83a072f file-5.36-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 package:\n7be0a75f9f31f23b9c38b7ebf0192961 file-5.36-x86_64-1_slack14.0.txz\n\nSlackware 14.1 package:\n0ec7575d2786bb8c8abe7b568cab262f file-5.36-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 package:\nca23033d9beedda72c0793b796ad10b2 file-5.36-x86_64-1_slack14.1.txz\n\nSlackware 14.2 package:\n4dfa9268d6415052d99681543a884227 file-5.36-i586-1_slack14.2.txz\n\nSlackware x86_64 14.2 package:\n2e26d570e7b3c957155905b9150b1af0 file-5.36-x86_64-1_slack14.2.txz\n\nSlackware -current package:\n039ec7588178a2026e77bd96d2c98552 a/file-5.36-i586-1.txz\n\nSlackware x86_64 -current 
package:\n20d07d173c3a2314eabe27620f662195 a/file-5.36-x86_64-1.txz\n\n\nInstallation instructions:\n\nUpgrade the package as root:\n > upgradepkg file-5.36-i586-1_slack14.2.txz", "modified": "2019-02-23T21:37:08", "published": "2019-02-23T21:37:08", "id": "SSA-2019-054-01", "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2019&m=slackware-security.415561", "type": "slackware", "title": "[slackware-security] file", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "debian": [{"lastseen": "2020-08-12T01:09:44", "bulletinFamily": "unix", "cvelist": ["CVE-2019-8905", "CVE-2019-8907"], "description": "Package : file\nVersion : 1:5.22+15-2+deb8u5\nCVE ID : CVE-2019-8905 CVE-2019-8907\n\nPotential buffer over-reads in readelf.c have been found in file,\na popular file type guesser.\n\nFor Debian 8 \"Jessie\", these problems have been fixed in version\n1:5.22+15-2+deb8u5.\n\nWe recommend that you upgrade your file packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\n", "edition": 8, "modified": "2019-02-28T21:56:40", "published": "2019-02-28T21:56:40", "id": "DEBIAN:DLA-1698-1:624A5", "href": "https://lists.debian.org/debian-lts-announce/2019/debian-lts-announce-201902/msg00044.html", "title": "[SECURITY] [DLA 1698-1] file security update", "type": "debian", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "apple": [{"lastseen": "2020-12-24T20:43:52", "bulletinFamily": "software", "cvelist": ["CVE-2019-8518", "CVE-2019-8528", "CVE-2019-8549", "CVE-2019-6207", "CVE-2019-8563", "CVE-2019-8545", "CVE-2019-8506", "CVE-2019-8559", "CVE-2019-8538", "CVE-2019-8558", "CVE-2019-8552", "CVE-2019-8517", "CVE-2019-8547", "CVE-2019-8906", "CVE-2019-8639", "CVE-2019-8544", "CVE-2019-8546", "CVE-2019-8638", "CVE-2019-7293", "CVE-2019-8553", "CVE-2019-8540", "CVE-2019-8542", "CVE-2019-8511", 
"CVE-2019-8536", "CVE-2019-8516", "CVE-2019-8527", "CVE-2019-8532", "CVE-2019-8525", "CVE-2019-8541", "CVE-2019-7292", "CVE-2019-8502", "CVE-2019-8531", "CVE-2019-5608", "CVE-2019-8548", "CVE-2019-8618", "CVE-2019-7286", "CVE-2019-8510", "CVE-2019-8514"], "description": "## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page.\n\n\n\n## watchOS 5.2\n\nReleased March 27, 2019\n\n**Accounts**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: Processing a maliciously crafted vcf file may lead to a denial of service\n\nDescription: A denial of service issue was addressed with improved validation.\n\nCVE-2019-8538: Trevor Spiniolas (@TrevorSpiniolas)\n\nEntry added April 3, 2019\n\n**CFString**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: Processing a maliciously crafted string may lead to a denial of service\n\nDescription: A validation issue was addressed with improved logic.\n\nCVE-2019-8516: SWIPS Team of Frifee Inc.\n\n**configd**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: A malicious application may be able to elevate privileges\n\nDescription: A memory initialization issue was addressed with improved memory handling.\n\nCVE-2019-8552: Mohamed Ghannam (@_simo36)\n\n**Contacts**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: A malicious application may be able to elevate privileges\n\nDescription: A buffer overflow issue was addressed with improved memory handling.\n\nCVE-2019-8511: an anonymous researcher\n\n**CoreCrypto**\n\nAvailable 
for: Apple Watch Series 1 and later\n\nImpact: A malicious application may be able to elevate privileges\n\nDescription: A buffer overflow was addressed with improved bounds checking.\n\nCVE-2019-8542: an anonymous researcher\n\n**file**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: Processing a maliciously crafted file might disclose user information\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2019-8906: Francisco Alonso\n\nEntry updated April 15, 2019\n\n**Foundation**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: An application may be able to gain elevated privileges\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2019-7286: an anonymous researcher, Clement Lecigne of Google Threat Analysis Group, Ian Beer of Google Project Zero, and Samuel Gro\u00df of Google Project Zero\n\n**GeoServices**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: Clicking a malicious SMS link may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved validation.\n\nCVE-2019-8553: an anonymous researcher\n\n**iAP**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: A malicious application may be able to elevate privileges\n\nDescription: A buffer overflow was addressed with improved bounds checking.\n\nCVE-2019-8542: an anonymous researcher\n\n**IOHIDFamily**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: A local user may be able to cause unexpected system termination or read kernel memory\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nCVE-2019-8545: Adam Donenfeld (@doadam) of the Zimperium zLabs Team\n\n**Kernel**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: A remote attacker may be able to alter network traffic data\n\nDescription: A memory corruption issue existed in the handling of IPv6 packets. 
This issue was addressed with improved memory management.\n\nCVE-2019-5608: Apple\n\nEntry added August 6, 2019\n\n**Kernel**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: A remote attacker may be able to leak memory\n\nDescription: An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation.\n\nCVE-2019-8547: derrek (@derrekr6)\n\nEntry added May 30, 2019\n\n**Kernel**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nCVE-2019-8525: Zhuo Liang and shrek_wzw of Qihoo 360 Nirvan Team\n\nEntry added May 30, 2019\n\n**Kernel**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: A remote attacker may be able to cause unexpected system termination or corrupt kernel memory\n\nDescription: A buffer overflow was addressed with improved size validation.\n\nCVE-2019-8527: Ned Williamson of Google and derrek (@derrekr6)\n\n**Kernel**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2019-8528: Fabiano Anemone (@anoane), Zhao Qixun (@S0rryMybad) of Qihoo 360 Vulcan Team\n\nEntry added April 3, 2019\n\n**Kernel**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: A malicious application may be able to determine kernel memory layout\n\nDescription: A memory initialization issue was addressed with improved memory handling.\n\nCVE-2019-8540: Weibo Wang (@ma1fan) of Qihoo 360 Nirvan Team\n\n**Kernel**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: An application may be able to gain elevated privileges\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2019-8514: Samuel Gro\u00df of Google 
Project Zero\n\n**Kernel**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: A malicious application may be able to determine kernel memory layout\n\nDescription: An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation.\n\nCVE-2019-6207: Weibo Wang of Qihoo 360 Nirvan Team (@ma1fan)\n\nCVE-2019-8510: Stefan Esser of Antid0te UG\n\n**Kernel**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: A local user may be able to read kernel memory\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2019-7293: Ned Williamson of Google\n\n**MediaLibrary**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: A malicious application may be able to access restricted files\n\nDescription: A permissions issue was addressed by removing vulnerable code and adding additional checks.\n\nCVE-2019-8532: Angel Ramirez, Min (Spark) Zheng and Xiaolong Bai of Alibaba Inc.\n\nEntry added May 30, 2019\n\n**Messages**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: A local user may be able to view sensitive user information\n\nDescription: An access issue was addressed with additional sandbox restrictions.\n\nCVE-2019-8546: ChiYuan Chang\n\n**Passcode**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: A partially entered passcode may not clear when the device goes to sleep\n\nDescription: An issue existed where partially entered passcodes may not clear when the device went to sleep. This issue was addressed by clearing the passcode when a locked device sleeps.\n\nCVE-2019-8548: Tobias Sachs\n\n**Power Management**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: A malicious application may be able to execute arbitrary code with system privileges\n\nDescription: Multiple input validation issues existed in MIG generated code. 
These issues were addressed with improved validation.\n\nCVE-2019-8549: Mohamed Ghannam (@_simo36) of SSD Secure Disclosure (ssd-disclosure.com)\n\n**Privacy**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: A malicious app may be able to track users between installs\n\nDescription: A privacy issue existed in motion sensor calibration. This issue was addressed with improved motion sensor processing.\n\nCVE-2019-8541: Stan (Jiexin) Zhang and Alastair R. Beresford of the University of Cambridge, Ian Sheret of Polymath Insight Limited\n\n**Sandbox**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: A sandboxed process may be able to circumvent sandbox restrictions\n\nDescription: A logic issue was addressed with improved restrictions.\n\nCVE-2019-8618: Brandon Azad\n\nEntry added May 30, 2019\n\n**Security**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: An untrusted RADIUS server certificate may be trusted\n\nDescription: A validation issue existed in Trust Anchor Management. This issue was addressed with improved validation.\n\nCVE-2019-8531: an anonymous researcher, QA team of SecureW2\n\nEntry added May 15, 2019\n\n**Siri**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: A malicious application may be able to initiate a Dictation request without user authorization\n\nDescription: An API issue existed in the handling of dictation requests. 
This issue was addressed with improved validation.\n\nCVE-2019-8502: Luke Deshotels of North Carolina State University, Jordan Beichler of North Carolina State University, William Enck of North Carolina State University, Costin Caraba\u0219 of University POLITEHNICA of Bucharest, and R\u0103zvan Deaconescu of University POLITEHNICA of Bucharest\n\n**TrueTypeScaler**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: Processing a maliciously crafted font may result in the disclosure of process memory\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2019-8517: riusksk of VulWar Corp working with Trend Micro Zero Day Initiative\n\n**WebKit**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2019-8536: Apple\n\nCVE-2019-8544: an anonymous researcher\n\n**WebKit**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A type confusion issue was addressed with improved memory handling.\n\nCVE-2019-8506: Samuel Gro\u00df of Google Project Zero\n\n**WebKit**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed with improved memory handling.\n\nCVE-2019-8518: Samuel Gro\u00df of Google Project Zero\n\nCVE-2019-8558: Samuel Gro\u00df of Google Project Zero\n\nCVE-2019-8559: Apple\n\nCVE-2019-8563: Apple\n\nCVE-2019-8638: found by OSS-Fuzz\n\nCVE-2019-8639: found by OSS-Fuzz\n\nEntry updated May 30, 2019\n\n**WebKit**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: Processing maliciously crafted web content may result in the disclosure of process memory\n\nDescription: A validation 
issue was addressed with improved logic.\n\nCVE-2019-7292: Zhunki and Zhiyi Zhang of 360 ESG Codesafe Team\n\n\n\n## Additional recognition\n\n**Accounts**\n\nWe would like to acknowledge Milan Stute of Secure Mobile Networking Lab at Technische Universit\u00e4t Darmstadt for their assistance.\n\nEntry added May 30, 2019\n\n**Kernel**\n\nWe would like to acknowledge Brandon Azad of Google Project Zero, Brandon Azad, Raz Mashat (@RazMashat) of Ilan Ramon High School for their assistance.\n\nEntry updated May 30, 2019\n", "edition": 2, "modified": "2019-08-07T04:48:16", "published": "2019-08-07T04:48:16", "id": "APPLE:HT209602", "href": "https://support.apple.com/kb/HT209602", "title": "About the security content of watchOS 5.2 - Apple Support", "type": "apple", "cvss": {"score": 9.4, "vector": "AV:N/AC:L/Au:N/C:N/I:C/A:C"}}, {"lastseen": "2020-12-24T20:42:57", "bulletinFamily": "software", "cvelist": ["CVE-2019-8518", "CVE-2019-8528", "CVE-2019-8503", "CVE-2019-8549", "CVE-2019-8523", "CVE-2019-6207", "CVE-2019-8563", "CVE-2019-8545", "CVE-2019-8506", "CVE-2019-8559", "CVE-2019-8558", "CVE-2019-8552", "CVE-2019-8515", "CVE-2019-8517", "CVE-2019-8547", "CVE-2019-8906", "CVE-2019-8639", "CVE-2019-8562", "CVE-2019-8551", "CVE-2019-8544", "CVE-2019-8638", "CVE-2019-7293", "CVE-2019-8553", "CVE-2019-6201", "CVE-2019-8556", "CVE-2019-8540", "CVE-2019-8542", "CVE-2019-6203", "CVE-2019-7285", "CVE-2019-8535", "CVE-2019-8536", "CVE-2019-8516", "CVE-2019-8527", "CVE-2019-8532", "CVE-2019-8525", "CVE-2019-7292", "CVE-2019-8502", "CVE-2019-8524", "CVE-2019-8531", "CVE-2019-8530", "CVE-2019-5608", "CVE-2019-8618", "CVE-2019-7286", "CVE-2019-8510", "CVE-2019-8514"], "description": "## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. 
Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page.\n\n\n\n## tvOS 12.2\n\nReleased March 25, 2019\n\n**802.1X**\n\nAvailable for: Apple TV 4K and Apple TV HD _previously Apple TV (4th generation)_\n\nImpact: An attacker in a privileged network position may be able to intercept network traffic\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2019-6203: Dominic White of SensePost (@singe)\n\nEntry added April 15, 2019\n\n**CFString**\n\nAvailable for: Apple TV 4K and Apple TV HD _previously Apple TV (4th generation)_\n\nImpact: Processing a maliciously crafted string may lead to a denial of service\n\nDescription: A validation issue was addressed with improved logic.\n\nCVE-2019-8516: SWIPS Team of Frifee Inc.\n\n**configd**\n\nAvailable for: Apple TV 4K and Apple TV HD _previously Apple TV (4th generation)_\n\nImpact: A malicious application may be able to elevate privileges\n\nDescription: A memory initialization issue was addressed with improved memory handling.\n\nCVE-2019-8552: Mohamed Ghannam (@_simo36)\n\n**CoreCrypto**\n\nAvailable for: Apple TV 4K and Apple TV HD _previously Apple TV (4th generation)_\n\nImpact: A malicious application may be able to elevate privileges\n\nDescription: A buffer overflow was addressed with improved bounds checking.\n\nCVE-2019-8542: an anonymous researcher\n\n**file**\n\nAvailable for: Apple TV 4K and Apple TV HD _previously Apple TV (4th generation)_\n\nImpact: Processing a maliciously crafted file might disclose user information\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2019-8906: Francisco Alonso\n\nEntry updated April 15, 2019\n\n**Foundation**\n\nAvailable 
for: Apple TV 4K and Apple TV HD _previously Apple TV (4th generation)_\n\nImpact: An application may be able to gain elevated privileges\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2019-7286: an anonymous researcher, Clement Lecigne of Google Threat Analysis Group, Ian Beer of Google Project Zero, and Samuel Gro\u00df of Google Project Zero\n\n**GeoServices**\n\nAvailable for: Apple TV 4K and Apple TV HD _previously Apple TV (4th generation)_\n\nImpact: Clicking a malicious SMS link may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved validation.\n\nCVE-2019-8553: an anonymous researcher\n\n**iAP**\n\nAvailable for: Apple TV 4K and Apple TV HD _previously Apple TV (4th generation)_\n\nImpact: A malicious application may be able to elevate privileges\n\nDescription: A buffer overflow was addressed with improved bounds checking.\n\nCVE-2019-8542: an anonymous researcher\n\n**IOHIDFamily**\n\nAvailable for: Apple TV 4K and Apple TV HD _previously Apple TV (4th generation)_\n\nImpact: A local user may be able to cause unexpected system termination or read kernel memory\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nCVE-2019-8545: Adam Donenfeld (@doadam) of the Zimperium zLabs Team\n\n**Kernel**\n\nAvailable for: Apple TV 4K and Apple TV HD _previously Apple TV (4th generation)_\n\nImpact: A remote attacker may be able to alter network traffic data\n\nDescription: A memory corruption issue existed in the handling of IPv6 packets. This issue was addressed with improved memory management.\n\nCVE-2019-5608: Apple\n\nEntry added August 6, 2019\n\n**Kernel**\n\nAvailable for: Apple TV 4K and Apple TV HD _previously Apple TV (4th generation)_\n\nImpact: A remote attacker may be able to leak memory\n\nDescription: An out-of-bounds read issue existed that led to the disclosure of kernel memory. 
This was addressed with improved input validation.\n\nCVE-2019-8547: derrek (@derrekr6)\n\nEntry added May 30, 2019\n\n**Kernel**\n\nAvailable for: Apple TV 4K and Apple TV HD _previously Apple TV (4th generation)_\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nCVE-2019-8525: Zhuo Liang and shrek_wzw of Qihoo 360 Nirvan Team\n\nEntry added May 30, 2019\n\n**Kernel**\n\nAvailable for: Apple TV 4K and Apple TV HD _previously Apple TV (4th generation)_\n\nImpact: A remote attacker may be able to cause unexpected system termination or corrupt kernel memory\n\nDescription: A buffer overflow was addressed with improved size validation.\n\nCVE-2019-8527: Ned Williamson of Google and derrek (@derrekr6)\n\n**Kernel**\n\nAvailable for: Apple TV 4K and Apple TV HD _previously Apple TV (4th generation)_\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2019-8528: Fabiano Anemone (@anoane), Zhao Qixun (@S0rryMybad) of Qihoo 360 Vulcan Team\n\nEntry added April 3, 2019\n\n**Kernel**\n\nAvailable for: Apple TV 4K and Apple TV HD _previously Apple TV (4th generation)_\n\nImpact: A malicious application may be able to determine kernel memory layout\n\nDescription: A memory initialization issue was addressed with improved memory handling.\n\nCVE-2019-8540: Weibo Wang (@ma1fan) of Qihoo 360 Nirvan Team\n\n**Kernel**\n\nAvailable for: Apple TV 4K and Apple TV HD _previously Apple TV (4th generation)_\n\nImpact: An application may be able to gain elevated privileges\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2019-8514: Samuel Gro\u00df of Google Project Zero\n\n**Kernel**\n\nAvailable for: Apple TV 4K and Apple TV HD _previously Apple TV (4th generation)_\n\nImpact: A local user may be able 
to read kernel memory\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2019-7293: Ned Williamson of Google\n\n**Kernel**\n\nAvailable for: Apple TV 4K and Apple TV HD _previously Apple TV (4th generation)_\n\nImpact: A malicious application may be able to determine kernel memory layout\n\nDescription: An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation.\n\nCVE-2019-6207: Weibo Wang of Qihoo 360 Nirvan Team (@ma1fan)\n\nCVE-2019-8510: Stefan Esser of Antid0te UG\n\n**MediaLibrary**\n\nAvailable for: Apple TV 4K and Apple TV HD _previously Apple TV (4th generation)_\n\nImpact: A malicious application may be able to access restricted files\n\nDescription: A permissions issue was addressed by removing vulnerable code and adding additional checks.\n\nCVE-2019-8532: Angel Ramirez, Min (Spark) Zheng and Xiaolong Bai of Alibaba Inc.\n\nEntry added May 30, 2019\n\n**Power Management**\n\nAvailable for: Apple TV 4K and Apple TV HD _previously Apple TV (4th generation)_\n\nImpact: A malicious application may be able to execute arbitrary code with system privileges\n\nDescription: Multiple input validation issues existed in MIG generated code. These issues were addressed with improved validation.\n\nCVE-2019-8549: Mohamed Ghannam (@_simo36) of SSD Secure Disclosure (ssd-disclosure.com)\n\n**Sandbox**\n\nAvailable for: Apple TV 4K and Apple TV HD _previously Apple TV (4th generation)_\n\nImpact: A sandboxed process may be able to circumvent sandbox restrictions\n\nDescription: A logic issue was addressed with improved restrictions.\n\nCVE-2019-8618: Brandon Azad\n\nEntry added May 30, 2019\n\n**Security**\n\nAvailable for: Apple TV 4K and Apple TV HD _previously Apple TV (4th generation)_\n\nImpact: An untrusted RADIUS server certificate may be trusted\n\nDescription: A validation issue existed in Trust Anchor Management. 
This issue was addressed with improved validation.\n\nCVE-2019-8531: an anonymous researcher, QA team of SecureW2\n\nEntry added May 15, 2019\n\n**Siri**\n\nAvailable for: Apple TV 4K and Apple TV HD _previously Apple TV (4th generation)_\n\nImpact: A malicious application may be able to initiate a Dictation request without user authorization\n\nDescription: An API issue existed in the handling of dictation requests. This issue was addressed with improved validation.\n\nCVE-2019-8502: Luke Deshotels of North Carolina State University, Jordan Beichler of North Carolina State University, William Enck of North Carolina State University, Costin Caraba\u0219 of University POLITEHNICA of Bucharest, and R\u0103zvan Deaconescu of University POLITEHNICA of Bucharest\n\n**TrueTypeScaler**\n\nAvailable for: Apple TV 4K and Apple TV HD _previously Apple TV (4th generation)_\n\nImpact: Processing a maliciously crafted font may result in the disclosure of process memory\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2019-8517: riusksk of VulWar Corp working with Trend Micro Zero Day Initiative\n\n**WebKit**\n\nAvailable for: Apple TV 4K and Apple TV HD _previously Apple TV (4th generation)_\n\nImpact: Processing maliciously crafted web content may lead to universal cross site scripting\n\nDescription: A logic issue was addressed with improved validation.\n\nCVE-2019-8551: Ryan Pickren (ryanpickren.com)\n\n**WebKit**\n\nAvailable for: Apple TV 4K and Apple TV HD _previously Apple TV (4th generation)_\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nCVE-2019-8535: Zhiyang Zeng (@Wester) of Tencent Blade Team\n\n**WebKit**\n\nAvailable for: Apple TV 4K and Apple TV HD _previously Apple TV (4th generation)_\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code 
execution\n\nDescription: Multiple memory corruption issues were addressed with improved memory handling.\n\nCVE-2019-6201: dwfault working with ADLab of Venustech\n\nCVE-2019-8518: Samuel Gro\u00df of Google Project Zero\n\nCVE-2019-8523: Apple\n\nCVE-2019-8524: G. Geshev working with Trend Micro Zero Day Initiative\n\nCVE-2019-8558: Samuel Gro\u00df of Google Project Zero\n\nCVE-2019-8559: Apple\n\nCVE-2019-8563: Apple\n\nCVE-2019-8638: found by OSS-Fuzz\n\nCVE-2019-8639: found by OSS-Fuzz\n\nEntry updated May 30, 2019\n\n**WebKit**\n\nAvailable for: Apple TV 4K and Apple TV HD _previously Apple TV (4th generation)_\n\nImpact: A sandboxed process may be able to circumvent sandbox restrictions\n\nDescription: A memory corruption issue was addressed with improved validation.\n\nCVE-2019-8562: Wen Xu of SSLab at Georgia Tech and Hanqing Zhao of Chaitin Security Research Lab\n\n**WebKit**\n\nAvailable for: Apple TV 4K and Apple TV HD _previously Apple TV (4th generation)_\n\nImpact: Processing maliciously crafted web content may disclose sensitive user information\n\nDescription: A cross-origin issue existed with the fetch API. 
This was addressed with improved input validation.\n\nCVE-2019-8515: James Lee (@Windowsrcer)\n\n**WebKit**\n\nAvailable for: Apple TV 4K and Apple TV HD _previously Apple TV (4th generation)_\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2019-8536: Apple\n\nCVE-2019-8544: an anonymous researcher\n\n**WebKit**\n\nAvailable for: Apple TV 4K and Apple TV HD _previously Apple TV (4th generation)_\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2019-7285: dwfault working at ADLab of Venustech\n\nCVE-2019-8556: Apple\n\n**WebKit**\n\nAvailable for: Apple TV 4K and Apple TV HD _previously Apple TV (4th generation)_\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A type confusion issue was addressed with improved memory handling.\n\nCVE-2019-8506: Samuel Gro\u00df of Google Project Zero\n\n**WebKit**\n\nAvailable for: Apple TV 4K and Apple TV HD _previously Apple TV (4th generation)_\n\nImpact: A malicious website may be able to execute scripts in the context of another website\n\nDescription: A logic issue was addressed with improved validation.\n\nCVE-2019-8503: Linus S\u00e4rud of Detectify\n\n**WebKit**\n\nAvailable for: Apple TV 4K and Apple TV HD _previously Apple TV (4th generation)_\n\nImpact: Processing maliciously crafted web content may result in the disclosure of process memory\n\nDescription: A validation issue was addressed with improved logic.\n\nCVE-2019-7292: Zhunki and Zhiyi Zhang of 360 ESG Codesafe Team\n\n**XPC**\n\nAvailable for: Apple TV 4K and Apple TV HD _previously Apple TV (4th generation)_\n\nImpact: A malicious application may be able to overwrite arbitrary files\n\nDescription: This issue was addressed with 
improved checks.\n\nCVE-2019-8530: CodeColorist of Ant-Financial LightYear Labs\n\n\n\n## Additional recognition\n\n**Accounts**\n\nWe would like to acknowledge Milan Stute of Secure Mobile Networking Lab at Technische Universit\u00e4t Darmstadt for their assistance.\n\nEntry added May 30, 2019\n\n**Kernel**\n\nWe would like to acknowledge Brandon Azad of Google Project Zero, Brandon Azad, Raz Mashat (@RazMashat) of Ilan Ramon High School for their assistance.\n\nEntry updated May 30, 2019\n\n**Safari**\n\nWe would like to acknowledge Ryan Pickren (ryanpickren.com), Nikhil Mittal (@c0d3G33k) of Payatu Labs (payatu.com) for their assistance.\n\nEntry updated May 30, 2019\n\n**WebKit**\n\nWe would like to acknowledge Andrey Kovalev of Yandex Security Team for their assistance.\n", "edition": 2, "modified": "2019-08-07T04:50:47", "published": "2019-08-07T04:50:47", "id": "APPLE:HT209601", "href": "https://support.apple.com/kb/HT209601", "title": "About the security content of tvOS 12.2 - Apple Support", "type": "apple", "cvss": {"score": 9.4, "vector": "AV:N/AC:L/Au:N/C:N/I:C/A:C"}}, {"lastseen": "2020-12-24T20:42:54", "bulletinFamily": "software", "cvelist": ["CVE-2019-8526", "CVE-2019-8528", "CVE-2019-8549", "CVE-2019-8534", "CVE-2019-8555", "CVE-2019-8504", "CVE-2019-8522", "CVE-2019-8521", "CVE-2019-8645", "CVE-2018-4448", "CVE-2019-8561", "CVE-2018-4433", "CVE-2019-6207", "CVE-2019-8545", "CVE-2019-8777", "CVE-2019-8533", "CVE-2019-8520", "CVE-2018-18313", "CVE-2019-8513", "CVE-2019-8538", "CVE-2019-8552", "CVE-2019-8612", "CVE-2019-8519", "CVE-2019-8517", "CVE-2019-8547", "CVE-2019-8906", "CVE-2019-6238", "CVE-2018-18311", "CVE-2019-8642", "CVE-2019-8546", "CVE-2018-12015", "CVE-2019-7293", "CVE-2019-8529", "CVE-2019-8565", "CVE-2019-8540", "CVE-2019-8508", "CVE-2019-8542", "CVE-2019-6203", "CVE-2019-8537", "CVE-2019-6239", "CVE-2019-8511", "CVE-2019-8579", "CVE-2019-8516", "CVE-2019-8527", "CVE-2019-8525", "CVE-2019-8567", "CVE-2019-8564", "CVE-2019-8507", 
"CVE-2019-8502", "CVE-2019-8531", "CVE-2019-8530", "CVE-2019-5608", "CVE-2019-8618", "CVE-2019-8510", "CVE-2019-8514", "CVE-2019-8550", "CVE-2019-8569"], "description": "## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page.\n\n\n\n## macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra\n\nReleased March 25, 2019\n\n**802.1X**\n\nAvailable for: macOS Mojave 10.14.3\n\nImpact: An attacker in a privileged network position may be able to intercept network traffic\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2019-6203: Dominic White of SensePost (@singe)\n\nEntry added April 15, 2019\n\n**802.1X**\n\nAvailable for: macOS High Sierra 10.13.6\n\nImpact: An untrusted radius server certificate may be trusted\n\nDescription: A validation issue existed in Trust Anchor Management. 
This issue was addressed with improved validation.\n\nCVE-2019-8531: an anonymous researcher, QA team of SecureW2\n\nEntry added May 15, 2019\n\n**Accounts**\n\nAvailable for: macOS Mojave 10.14.3\n\nImpact: Processing a maliciously crafted vcf file may lead to a denial of service\n\nDescription: A denial of service issue was addressed with improved validation.\n\nCVE-2019-8538: Trevor Spiniolas (@TrevorSpiniolas)\n\nEntry added April 3, 2019\n\n**APFS**\n\nAvailable for: macOS Mojave 10.14.3\n\nImpact: A malicious application may be able to execute arbitrary code with kernel privileges\n\nDescription: A logic issue existed resulting in memory corruption. This was addressed with improved state management.\n\nCVE-2019-8534: Mac working with Trend Micro's Zero Day Initiative\n\nEntry added April 15, 2019\n\n**AppleGraphicsControl**\n\nAvailable for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14.3\n\nImpact: A malicious application may be able to execute arbitrary code with kernel privileges\n\nDescription: A buffer overflow was addressed with improved size validation.\n\nCVE-2019-8555: Zhiyi Zhang of 360 ESG Codesafe Team, Zhuo Liang and shrek_wzw of Qihoo 360 Nirvan Team\n\n**Bom**\n\nAvailable for: macOS Mojave 10.14.3\n\nImpact: A malicious application may bypass Gatekeeper checks\n\nDescription: This issue was addressed with improved handling of file metadata.\n\nCVE-2019-6239: Ian Moorhouse and Michael Trimm\n\n**CFString**\n\nAvailable for: macOS Mojave 10.14.3\n\nImpact: Processing a maliciously crafted string may lead to a denial of service\n\nDescription: A validation issue was addressed with improved logic.\n\nCVE-2019-8516: SWIPS Team of Frifee Inc.\n\n**configd**\n\nAvailable for: macOS Mojave 10.14.3\n\nImpact: A malicious application may be able to elevate privileges\n\nDescription: A memory initialization issue was addressed with improved memory handling.\n\nCVE-2019-8552: Mohamed Ghannam (@_simo36)\n\n**Contacts**\n\nAvailable 
for: macOS Mojave 10.14.3\n\nImpact: A malicious application may be able to elevate privileges\n\nDescription: A buffer overflow issue was addressed with improved memory handling.\n\nCVE-2019-8511: an anonymous researcher\n\n**CoreCrypto**\n\nAvailable for: macOS Mojave 10.14.3\n\nImpact: A malicious application may be able to elevate privileges\n\nDescription: A buffer overflow was addressed with improved bounds checking.\n\nCVE-2019-8542: an anonymous researcher\n\n**DiskArbitration**\n\nAvailable for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14.3\n\nImpact: An encrypted volume may be unmounted and remounted by a different user without prompting for the password\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2019-8522: Colin Meginnis (@falc420)\n\n**FaceTime**\n\nAvailable for: macOS Mojave 10.14.3\n\nImpact: A user\u2019s video may not be paused in a FaceTime call if they exit the FaceTime app while the call is ringing\n\nDescription: An issue existed in the pausing of FaceTime video. The issue was resolved with improved logic.\n\nCVE-2019-8550: Lauren Guzniczak of Keystone Academy\n\n**FaceTime**\n\nAvailable for: macOS Mojave 10.14.3\n\nImpact: A local attacker may be able to view contacts from the lock screen\n\nDescription: A lock screen issue allowed access to contacts on a locked device. This issue was addressed with improved state management.\n\nCVE-2019-8777: Abdullah H. 
AlJaber (@aljaber) of AJ.SA\n\nEntry added October 8, 2019\n\n**Feedback Assistant**\n\nAvailable for: macOS Mojave 10.14.3\n\nImpact: A malicious application may be able to gain root privileges\n\nDescription: A race condition was addressed with additional validation.\n\nCVE-2019-8565: CodeColorist of Ant-Financial LightYear Labs\n\n**Feedback Assistant**\n\nAvailable for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14.3\n\nImpact: A malicious application may be able to overwrite arbitrary files\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2019-8521: CodeColorist of Ant-Financial LightYear Labs\n\n**file**\n\nAvailable for: macOS Mojave 10.14.3\n\nImpact: Processing a maliciously crafted file might disclose user information\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2019-8906: Francisco Alonso\n\nEntry updated April 15, 2019\n\n**Graphics Drivers**\n\nAvailable for: macOS Mojave 10.14.3\n\nImpact: An application may be able to read restricted memory\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2019-8519: Aleksandr Tarasikov (@astarasikov), Juwei Lin (@panicaII) and Junzhi Lu of Trend Micro Research working with Trend Micro's Zero Day Initiative, Lilang Wu and Moony Li of Trend Micro\n\nEntry updated August 1, 2019\n\n**iAP**\n\nAvailable for: macOS Mojave 10.14.3\n\nImpact: A malicious application may be able to elevate privileges\n\nDescription: A buffer overflow was addressed with improved bounds checking.\n\nCVE-2019-8542: an anonymous researcher\n\n**IOGraphics**\n\nAvailable for: macOS Mojave 10.14.3\n\nImpact: A Mac may not lock when disconnecting from an external monitor\n\nDescription: A lock handling issue was addressed with improved lock handling.\n\nCVE-2019-8533: an anonymous researcher, James Eagan of T\u00e9l\u00e9com ParisTech, R. 
Scott Kemp of MIT, and Romke van Dijk of Z-CERT\n\n**IOHIDFamily**\n\nAvailable for: macOS Mojave 10.14.3\n\nImpact: A local user may be able to cause unexpected system termination or read kernel memory\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nCVE-2019-8545: Adam Donenfeld (@doadam) of the Zimperium zLabs Team\n\n**IOKit**\n\nAvailable for: macOS High Sierra 10.13.6, macOS Mojave 10.14.3\n\nImpact: A local user may be able to read kernel memory\n\nDescription: A memory initialization issue was addressed with improved memory handling.\n\nCVE-2019-8504: an anonymous researcher\n\n**IOKit SCSI**\n\nAvailable for: macOS High Sierra 10.13.6, macOS Mojave 10.14.3\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2019-8529: Juwei Lin (@panicaII) of Trend Micro Research working with Trend Micro's Zero Day Initiative\n\nEntry updated April 15, 2019\n\n**Kernel**\n\nAvailable for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6\n\nImpact: A local user may be able to read kernel memory\n\nDescription: A memory initialization issue was addressed with improved memory handling.\n\nCVE-2018-4448: Brandon Azad\n\nEntry added September 17, 2019\n\n**Kernel**\n\nAvailable for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14.3\n\nImpact: A remote attacker may be able to alter network traffic data\n\nDescription: A memory corruption issue existed in the handling of IPv6 packets. 
This issue was addressed with improved memory management.\n\nCVE-2019-5608: Apple\n\nEntry added August 6, 2019\n\n**Kernel**\n\nAvailable for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14.3\n\nImpact: A remote attacker may be able to cause unexpected system termination or corrupt kernel memory\n\nDescription: A buffer overflow was addressed with improved size validation.\n\nCVE-2019-8527: Ned Williamson of Google and derrek (@derrekr6)\n\n**Kernel**\n\nAvailable for: macOS Mojave 10.14.3, macOS High Sierra 10.13.6\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2019-8528: Fabiano Anemone (@anoane), Zhao Qixun (@S0rryMybad) of Qihoo 360 Vulcan Team\n\nEntry added April 3, 2019, updated August 1, 2019\n\n**Kernel**\n\nAvailable for: macOS Sierra 10.12.6, macOS Mojave 10.14.3\n\nImpact: Mounting a maliciously crafted NFS network share may lead to arbitrary code execution with system privileges\n\nDescription: A buffer overflow was addressed with improved bounds checking.\n\nCVE-2019-8508: Dr. 
Silvio Cesare of InfoSect\n\n**Kernel**\n\nAvailable for: macOS Mojave 10.14.3\n\nImpact: An application may be able to gain elevated privileges\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2019-8514: Samuel Gro\u00df of Google Project Zero\n\n**Kernel**\n\nAvailable for: macOS Sierra 10.12.6, macOS Mojave 10.14.3\n\nImpact: A malicious application may be able to determine kernel memory layout\n\nDescription: A memory initialization issue was addressed with improved memory handling.\n\nCVE-2019-8540: Weibo Wang (@ma1fan) of Qihoo 360 Nirvan Team\n\n**Kernel**\n\nAvailable for: macOS Mojave 10.14.3\n\nImpact: A local user may be able to read kernel memory\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2019-7293: Ned Williamson of Google\n\n**Kernel**\n\nAvailable for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14.3\n\nImpact: A malicious application may be able to determine kernel memory layout\n\nDescription: An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation.\n\nCVE-2019-6207: Weibo Wang of Qihoo 360 Nirvan Team (@ma1fan)\n\nCVE-2019-8510: Stefan Esser of Antid0te UG\n\n**Kernel**\n\nAvailable for: macOS Mojave 10.14.3\n\nImpact: A remote attacker may be able to leak memory\n\nDescription: An out-of-bounds read issue existed that led to the disclosure of kernel memory. 
This was addressed with improved input validation.\n\nCVE-2019-8547: derrek (@derrekr6)\n\nEntry added August 1, 2019\n\n**Kernel**\n\nAvailable for: macOS Mojave 10.14.3\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nCVE-2019-8525: Zhuo Liang and shrek_wzw of Qihoo 360 Nirvan Team\n\nEntry added August 1, 2019\n\n**libmalloc**\n\nAvailable for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6\n\nImpact: A malicious application may be able to modify protected parts of the file system\n\nDescription: A configuration issue was addressed with additional restrictions.\n\nCVE-2018-4433: Vitaly Cheptsov\n\nEntry added August 1, 2019, updated September 17, 2019\n\n**Mail**\n\nAvailable for: macOS Mojave 10.14.3\n\nImpact: Processing a maliciously crafted mail message may lead to S/MIME signature spoofing\n\nDescription: An issue existed in the handling of S-MIME certificates. This issue was addressed with improved validation of S-MIME certificates.\n\nCVE-2019-8642: Maya Sigal of Freie Universit\u00e4t Berlin and Volker Roth of Freie Universit\u00e4t Berlin\n\nEntry added August 1, 2019\n\n**Mail**\n\nAvailable for: macOS Mojave 10.14.3\n\nImpact: An attacker in a privileged network position may be able to intercept the contents of S/MIME-encrypted e-mail\n\nDescription: An issue existed in the handling of encrypted Mail. 
This issue was addressed with improved isolation of MIME in Mail.\n\nCVE-2019-8645: Maya Sigal of Freie Universit\u00e4t Berlin and Volker Roth of Freie Universit\u00e4t Berlin\n\nEntry added August 1, 2019\n\n**Messages**\n\nAvailable for: macOS Mojave 10.14.3\n\nImpact: A local user may be able to view sensitive user information\n\nDescription: An access issue was addressed with additional sandbox restrictions.\n\nCVE-2019-8546: ChiYuan Chang\n\n**Modem CCL**\n\nAvailable for: macOS Mojave 10.14.3\n\nImpact: An application may be able to gain elevated privileges\n\nDescription: An input validation issue was addressed with improved memory handling.\n\nCVE-2019-8579: an anonymous researcher\n\nEntry added April 15, 2019\n\n**Notes**\n\nAvailable for: macOS Mojave 10.14.3\n\nImpact: A local user may be able to view a user\u2019s locked notes\n\nDescription: An access issue was addressed with improved memory management.\n\nCVE-2019-8537: Greg Walker (gregwalker.us)\n\n**PackageKit**\n\nAvailable for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14.3\n\nImpact: A malicious application may be able to elevate privileges\n\nDescription: A logic issue was addressed with improved validation.\n\nCVE-2019-8561: Jaron Bradley of Crowdstrike\n\n**Perl**\n\nAvailable for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14.3\n\nImpact: Multiple issues in Perl\n\nDescription: Multiple issues in Perl were addressed in this update.\n\nCVE-2018-12015: Jakub Wilk\n\nCVE-2018-18311: Jayakrishna Menon\n\nCVE-2018-18313: Eiichi Tsukata\n\n**Power Management**\n\nAvailable for: macOS Mojave 10.14.3\n\nImpact: A malicious application may be able to execute arbitrary code with system privileges\n\nDescription: Multiple input validation issues existed in MIG generated code. 
These issues were addressed with improved validation.\n\nCVE-2019-8549: Mohamed Ghannam (@_simo36) of SSD Secure Disclosure (ssd-disclosure.com)\n\n**QuartzCore**\n\nAvailable for: macOS Mojave 10.14.3\n\nImpact: Processing malicious data may lead to unexpected application termination\n\nDescription: Multiple memory corruption issues were addressed with improved input validation.\n\nCVE-2019-8507: Kai Lu of Fortinet's FortiGuard Labs\n\n**Sandbox**\n\nAvailable for: macOS Mojave 10.14.3\n\nImpact: A sandboxed process may be able to circumvent sandbox restrictions\n\nDescription: A logic issue was addressed with improved restrictions.\n\nCVE-2019-8618: Brandon Azad\n\nEntry added August 1, 2019\n\n**Security**\n\nAvailable for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14.3\n\nImpact: An application may be able to gain elevated privileges\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2019-8526: Linus Henze (pinauten.de)\n\n**Security**\n\nAvailable for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14.3\n\nImpact: A malicious application may be able to read restricted memory\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2019-8520: Antonio Groza, The UK's National Cyber Security Centre (NCSC)\n\n**Security**\n\nAvailable for: macOS Mojave 10.14.3\n\nImpact: An untrusted radius server certificate may be trusted\n\nDescription: A validation issue existed in Trust Anchor Management. This issue was addressed with improved validation.\n\nCVE-2019-8531: an anonymous researcher, QA team of SecureW2\n\n**Security**\n\nAvailable for: macOS Mojave 10.14.3\n\nImpact: An untrusted radius server certificate may be trusted\n\nDescription: A validation issue existed in Trust Anchor Management. 
This issue was addressed with improved validation.\n\nCVE-2019-8531: an anonymous researcher, QA team of SecureW2\n\nEntry added May 15, 2019\n\n**Siri**\n\nAvailable for: macOS Mojave 10.14.3\n\nImpact: A malicious application may be able to initiate a Dictation request without user authorization\n\nDescription: An API issue existed in the handling of dictation requests. This issue was addressed with improved validation.\n\nCVE-2019-8502: Luke Deshotels of North Carolina State University, Jordan Beichler of North Carolina State University, William Enck of North Carolina State University, Costin Caraba\u0219 of University POLITEHNICA of Bucharest, and R\u0103zvan Deaconescu of University POLITEHNICA of Bucharest\n\n**Time Machine**\n\nAvailable for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14.3\n\nImpact: A local user may be able to execute arbitrary shell commands\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2019-8513: CodeColorist of Ant-Financial LightYear Labs\n\n**Touch Bar Support**\n\nAvailable for: macOS Mojave 10.14.3\n\nImpact: An application may be able to execute arbitrary code with system privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2019-8569: Viktor Oreshkin (@stek29)\n\nEntry added August 1, 2019\n\n**TrueTypeScaler**\n\nAvailable for: macOS Mojave 10.14.3\n\nImpact: Processing a maliciously crafted font may result in the disclosure of process memory\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2019-8517: riusksk of VulWar Corp working with Trend Micro Zero Day Initiative\n\n**Wi-Fi**\n\nAvailable for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14.3\n\nImpact: An attacker in a privileged network position can modify driver state\n\nDescription: A logic issue was addressed with improved validation.\n\nCVE-2019-8564: Hugues Anguelkov during an internship at Quarkslab\n\nEntry 
added April 15, 2019\n\n**Wi-Fi**\n\nAvailable for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6\n\nImpact: An attacker in a privileged network position can modify driver state\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2019-8612: Milan Stute of Secure Mobile Networking Lab at Technische Universit\u00e4t Darmstadt\n\nEntry added August 1, 2019\n\n**Wi-Fi**\n\nAvailable for: macOS Mojave 10.14.3\n\nImpact: A device may be passively tracked by its Wi-Fi MAC address\n\nDescription: A user privacy issue was addressed by removing the broadcast MAC address.\n\nCVE-2019-8567: David Kreitschmann and Milan Stute of Secure Mobile Networking Lab at Technische Universit\u00e4t Darmstadt\n\nEntry added August 1, 2019\n\n**xar**\n\nAvailable for: macOS Mojave 10.14.3\n\nImpact: Processing a maliciously crafted package may lead to arbitrary code execution\n\nDescription: A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks.\n\nCVE-2019-6238: Yi\u011fit Can YILMAZ (@yilmazcanyigit)\n\nEntry added April 15, 2019\n\n**XPC**\n\nAvailable for: macOS Sierra 10.12.6, macOS Mojave 10.14.3\n\nImpact: A malicious application may be able to overwrite arbitrary files\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2019-8530: CodeColorist of Ant-Financial LightYear Labs\n\n\n\n## Additional recognition\n\n**Accounts**\n\nWe would like to acknowledge Milan Stute of Secure Mobile Networking Lab at Technische Universit\u00e4t Darmstadt for their assistance.\n\n**Books**\n\nWe would like to acknowledge Yi\u011fit Can YILMAZ (@yilmazcanyigit) for their assistance.\n\n**Kernel**\n\nWe would like to acknowledge Brandon Azad, Brandon Azad of Google Project Zero, Daniel Roethlisberger of Swisscom CSIRT, Raz Mashat (@RazMashat) of Ilan Ramon High School for their assistance.\n\nEntry updated September 17, 2019\n\n**Mail**\n\nWe would like to acknowledge Craig Young of 
Tripwire VERT and Hanno B\u00f6ck for their assistance.\n\n**Time Machine**\n\nWe would like to acknowledge CodeColorist of Ant-Financial LightYear Labs for their assistance.\n", "edition": 3, "modified": "2020-07-27T08:22:02", "published": "2020-07-27T08:22:02", "id": "APPLE:HT209600", "href": "https://support.apple.com/kb/HT209600", "title": "About the security content of macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra - Apple Support", "type": "apple", "cvss": {"score": 9.4, "vector": "AV:N/AC:L/Au:N/C:N/I:C/A:C"}}, {"lastseen": "2020-12-24T20:43:43", "bulletinFamily": "software", "cvelist": ["CVE-2019-8518", "CVE-2019-8528", "CVE-2019-8503", "CVE-2019-8549", "CVE-2019-8504", "CVE-2019-8521", "CVE-2019-8523", "CVE-2019-6207", "CVE-2019-8563", "CVE-2019-8545", "CVE-2019-8506", "CVE-2019-8559", "CVE-2019-7284", "CVE-2019-8538", "CVE-2019-8558", "CVE-2019-8552", "CVE-2019-8515", "CVE-2019-8517", "CVE-2019-8547", "CVE-2019-8554", "CVE-2019-8906", "CVE-2019-8639", "CVE-2019-8562", "CVE-2019-6204", "CVE-2019-8551", "CVE-2019-8566", "CVE-2019-8544", "CVE-2019-8546", "CVE-2019-8505", "CVE-2019-8638", "CVE-2019-7293", "CVE-2019-8553", "CVE-2019-6201", "CVE-2019-8556", "CVE-2019-8529", "CVE-2019-8565", "CVE-2019-8540", "CVE-2019-8542", "CVE-2019-6203", "CVE-2019-8511", "CVE-2019-7285", "CVE-2019-8535", "CVE-2019-8536", "CVE-2019-8516", "CVE-2019-8527", "CVE-2019-8532", "CVE-2019-8525", "CVE-2019-8567", "CVE-2019-8541", "CVE-2019-7292", "CVE-2019-8502", "CVE-2019-8524", "CVE-2019-6222", "CVE-2019-8531", "CVE-2019-8530", "CVE-2019-5608", "CVE-2019-8618", "CVE-2019-8510", "CVE-2019-8512", "CVE-2019-8514", "CVE-2019-8550"], "description": "## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. 
Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page.\n\n\n\n## iOS 12.2\n\nReleased March 25, 2019\n\n**802.1X**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An attacker in a privileged network position may be able to intercept network traffic\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2019-6203: Dominic White of SensePost (@singe)\n\nEntry added April 15, 2019\n\n**Accounts**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Processing a maliciously crafted vcf file may lead to a denial of service\n\nDescription: A denial of service issue was addressed with improved validation.\n\nCVE-2019-8538: Trevor Spiniolas (@TrevorSpiniolas)\n\nEntry added April 3, 2019\n\n**CFString**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Processing a maliciously crafted string may lead to a denial of service\n\nDescription: A validation issue was addressed with improved logic.\n\nCVE-2019-8516: SWIPS Team of Frifee Inc.\n\n**configd**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: A malicious application may be able to elevate privileges\n\nDescription: A memory initialization issue was addressed with improved memory handling.\n\nCVE-2019-8552: Mohamed Ghannam (@_simo36)\n\n**Contacts**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: A malicious application may be able to elevate privileges\n\nDescription: A buffer overflow issue was addressed with improved memory handling.\n\nCVE-2019-8511: an anonymous 
researcher\n\n**CoreCrypto**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: A malicious application may be able to elevate privileges\n\nDescription: A buffer overflow was addressed with improved bounds checking.\n\nCVE-2019-8542: an anonymous researcher\n\n**Exchange ActiveSync**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: A user may authorize an enterprise administrator to remotely wipe their device without appropriate disclosure\n\nDescription: This issue was addressed with improved transparency.\n\nCVE-2019-8512: an anonymous researcher, Dennis Munsie of Amazon.com\n\nEntry updated April 3, 2019\n\n**FaceTime**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: A user\u2019s video may not be paused in a FaceTime call if they exit the FaceTime app while the call is ringing\n\nDescription: An issue existed in the pausing of FaceTime video. 
The issue was resolved with improved logic.\n\nCVE-2019-8550: Lauren Guzniczak of Keystone Academy\n\n**Feedback Assistant**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: A malicious application may be able to gain root privileges\n\nDescription: A race condition was addressed with additional validation.\n\nCVE-2019-8565: CodeColorist of Ant-Financial LightYear Labs\n\n**Feedback Assistant**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: A malicious application may be able to overwrite arbitrary files\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2019-8521: CodeColorist of Ant-Financial LightYear Labs\n\n**file**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Processing a maliciously crafted file might disclose user information\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2019-8906: Francisco Alonso\n\nEntry updated April 15, 2019\n\n**GeoServices**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Clicking a malicious SMS link may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved validation.\n\nCVE-2019-8553: an anonymous researcher\n\n**iAP**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: A malicious application may be able to elevate privileges\n\nDescription: A buffer overflow was addressed with improved bounds checking.\n\nCVE-2019-8542: an anonymous researcher\n\n**IOHIDFamily**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: A local user may be able to cause unexpected system termination or read kernel memory\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nCVE-2019-8545: Adam Donenfeld 
(@doadam) of the Zimperium zLabs Team\n\n**IOKit**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: A local user may be able to read kernel memory\n\nDescription: A memory initialization issue was addressed with improved memory handling.\n\nCVE-2019-8504: an anonymous researcher\n\n**IOKit SCSI**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2019-8529: Juwei Lin (@panicaII) of Trend Micro Research working with Trend Micro's Zero Day Initiative\n\nEntry updated April 15, 2019\n\n**Kernel**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: A remote attacker may be able to alter network traffic data\n\nDescription: A memory corruption issue existed in the handling of IPv6 packets. This issue was addressed with improved memory management.\n\nCVE-2019-5608: Apple\n\nEntry added August 6, 2019\n\n**Kernel**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: A remote attacker may be able to leak memory\n\nDescription: An out-of-bounds read issue existed that led to the disclosure of kernel memory. 
This was addressed with improved input validation.\n\nCVE-2019-8547: derrek (@derrekr6)\n\nEntry added May 30, 2019\n\n**Kernel**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nCVE-2019-8525: Zhuo Liang and shrek_wzw of Qihoo 360 Nirvan Team\n\nEntry added May 30, 2019\n\n**Kernel**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: A remote attacker may be able to cause unexpected system termination or corrupt kernel memory\n\nDescription: A buffer overflow was addressed with improved size validation.\n\nCVE-2019-8527: Ned Williamson of Google and derrek (@derrekr6)\n\n**Kernel**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2019-8528: Fabiano Anemone (@anoane), Zhao Qixun (@S0rryMybad) of Qihoo 360 Vulcan Team\n\nEntry added April 3, 2019\n\n**Kernel**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An application may be able to gain elevated privileges\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2019-8514: Samuel Gro\u00df of Google Project Zero\n\n**Kernel**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: A malicious application may be able to determine kernel memory layout\n\nDescription: A memory initialization issue was addressed with improved memory handling.\n\nCVE-2019-8540: Weibo Wang (@ma1fan) of Qihoo 360 Nirvan Team\n\n**Kernel**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: 
A local user may be able to read kernel memory\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2019-7293: Ned Williamson of Google\n\n**Kernel**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: A malicious application may be able to determine kernel memory layout\n\nDescription: An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation.\n\nCVE-2019-6207: Weibo Wang of Qihoo 360 Nirvan Team (@ma1fan)\n\nCVE-2019-8510: Stefan Esser of Antid0te UG\n\n**Mail**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Processing a maliciously crafted mail message may lead to S/MIME signature spoofing\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2019-7284: Damian Poddebniak of M\u00fcnster University of Applied Sciences\n\n**MediaLibrary**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: A malicious application may be able to access restricted files\n\nDescription: A permissions issue was addressed by removing vulnerable code and adding additional checks.\n\nCVE-2019-8532: Angel Ramirez, Min (Spark) Zheng and Xiaolong Bai of Alibaba Inc.\n\nEntry added May 30, 2019\n\n**Messages**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: A local user may be able to view sensitive user information\n\nDescription: An access issue was addressed with additional sandbox restrictions.\n\nCVE-2019-8546: ChiYuan Chang\n\n**Power Management**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: A malicious application may be able to execute arbitrary code with system privileges\n\nDescription: Multiple input validation issues existed in MIG generated code. 
These issues were addressed with improved validation.\n\nCVE-2019-8549: Mohamed Ghannam (@_simo36) of SSD Secure Disclosure (ssd-disclosure.com)\n\n**Privacy**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: A malicious app may be able to track users between installs\n\nDescription: A privacy issue existed in motion sensor calibration. This issue was addressed with improved motion sensor processing.\n\nCVE-2019-8541: Stan (Jiexin) Zhang and Alastair R. Beresford of the University of Cambridge and Ian Sheret of Polymath Insight Limited\n\n**ReplayKit**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: A malicious application may be able to access the microphone without indication to the user\n\nDescription: An API issue existed in the handling of microphone data. This issue was addressed with improved validation.\n\nCVE-2019-8566: an anonymous researcher\n\n**Safari**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: A website may be able to access sensor information without user consent\n\nDescription: A permissions issue existed in the handling of motion and orientation data. 
This issue was addressed with improved restrictions.\n\nCVE-2019-8554: an anonymous researcher\n\n**Safari Reader**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Enabling the Safari Reader feature on a maliciously crafted webpage may lead to universal cross site scripting\n\nDescription: A logic issue was addressed with improved validation.\n\nCVE-2019-6204: Ryan Pickren (ryanpickren.com)\n\nCVE-2019-8505: Ryan Pickren (ryanpickren.com)\n\n**Sandbox**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: A sandboxed process may be able to circumvent sandbox restrictions\n\nDescription: A logic issue was addressed with improved restrictions.\n\nCVE-2019-8618: Brandon Azad\n\nEntry added May 30, 2019\n\n**Security**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An untrusted radius server certificate may be trusted\n\nDescription: A validation issue existed in Trust Anchor Management. This issue was addressed with improved validation.\n\nCVE-2019-8531: an anonymous researcher, QA team of SecureW2\n\nEntry added May 15, 2019\n\n**Siri**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: A malicious application may be able to initiate a Dictation request without user authorization\n\nDescription: An API issue existed in the handling of dictation requests. 
This issue was addressed with improved validation.\n\nCVE-2019-8502: Luke Deshotels of North Carolina State University, Jordan Beichler of North Carolina State University, William Enck of North Carolina State University, Costin Caraba\u0219 of University POLITEHNICA of Bucharest, and R\u0103zvan Deaconescu of University POLITEHNICA of Bucharest\n\n**TrueTypeScaler**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Processing a maliciously crafted font may result in the disclosure of process memory\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2019-8517: riusksk of VulWar Corp working with Trend Micro Zero Day Initiative\n\n**WebKit**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Processing maliciously crafted web content may lead to universal cross site scripting\n\nDescription: A logic issue was addressed with improved validation.\n\nCVE-2019-8551: Ryan Pickren (ryanpickren.com)\n\n**WebKit**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nCVE-2019-8535: Zhiyang Zeng (@Wester) of Tencent Blade Team\n\n**WebKit**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed with improved memory handling.\n\nCVE-2019-6201: dwfault working with ADLab of Venustech\n\nCVE-2019-8518: Samuel Gro\u00df of Google Project Zero\n\nCVE-2019-8523: Apple\n\nCVE-2019-8524: G. 
Geshev working with Trend Micro Zero Day Initiative\n\nCVE-2019-8558: Samuel Gro\u00df of Google Project Zero\n\nCVE-2019-8559: Apple\n\nCVE-2019-8563: Apple\n\nCVE-2019-8638: found by OSS-Fuzz\n\nCVE-2019-8639: found by OSS-Fuzz\n\nEntry updated May 30, 2019\n\n**WebKit**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: A sandboxed process may be able to circumvent sandbox restrictions\n\nDescription: A memory corruption issue was addressed with improved validation.\n\nCVE-2019-8562: Wen Xu of SSLab at Georgia Tech and Hanqing Zhao of Chaitin Security Research Lab\n\n**WebKit**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: A website may be able to access the microphone without the microphone use indicator being shown\n\nDescription: A consistency issue was addressed with improved state handling.\n\nCVE-2019-6222: Denis Markov of Resonance Software\n\n**WebKit**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Processing maliciously crafted web content may disclose sensitive user information\n\nDescription: A cross-origin issue existed with the fetch API. 
This was addressed with improved input validation.\n\nCVE-2019-8515: James Lee (@Windowsrcer)\n\n**WebKit**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2019-8536: Apple\n\nCVE-2019-8544: an anonymous researcher\n\n**WebKit**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2019-7285: dwfault working at ADLab of Venustech\n\nCVE-2019-8556: Apple\n\n**WebKit**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A type confusion issue was addressed with improved memory handling.\n\nCVE-2019-8506: Samuel Gro\u00df of Google Project Zero\n\n**WebKit**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: A malicious website may be able to execute scripts in the context of another website\n\nDescription: A logic issue was addressed with improved validation.\n\nCVE-2019-8503: Linus S\u00e4rud of Detectify\n\n**WebKit**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Processing maliciously crafted web content may result in the disclosure of process memory\n\nDescription: A validation issue was addressed with improved logic.\n\nCVE-2019-7292: Zhunki and Zhiyi Zhang of 360 ESG Codesafe Team\n\n**Wi-Fi**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: A device may be passively tracked by its Wi-Fi MAC address\n\nDescription: A user privacy 
issue was addressed by removing the broadcast MAC address.\n\nCVE-2019-8567: David Kreitschmann and Milan Stute of Secure Mobile Networking Lab at Technische Universit\u00e4t Darmstadt\n\n**XPC**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: A malicious application may be able to overwrite arbitrary files\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2019-8530: CodeColorist of Ant-Financial LightYear Labs\n\n\n\n## Additional recognition\n\n**Accounts**\n\nWe would like to acknowledge Milan Stute of Secure Mobile Networking Lab at Technische Universit\u00e4t Darmstadt for their assistance.\n\nEntry added May 30, 2019\n\n**Books**\n\nWe would like to acknowledge Yi\u011fit Can YILMAZ (@yilmazcanyigit) for their assistance.\n\n**Calendar**\n\nWe would like to acknowledge an anonymous researcher, Peter Hempsall of 104days.com, and Sascha Mogler of mogler.com for their assistance.\n\n**Kernel**\n\nWe would like to acknowledge Brandon Azad, Raz Mashat (@RazMashat) of Ilan Ramon High School, Brandon Azad of Google Project Zero for their assistance.\n\nEntry updated May 30, 2019\n\n**Quick Look**\n\nWe would like to acknowledge Yi\u011fit Can YILMAZ (@yilmazcanyigit) for their assistance.\n\n**Safari**\n\nWe would like to acknowledge Nikhil Mittal (@c0d3G33k) of Payatu Labs (payatu.com), Ryan Pickren (ryanpickren.com) for their assistance.\n\nEntry updated May 30, 2019\n\n**Screen Recording**\n\nWe would like to acknowledge Brandon Moore (@Brandonsecurity) for their assistance.\n\nEntry added November 6, 2019\n\n**Screen Time**\n\nWe would like to acknowledge Brandon Moore (@Brandonsecurity) for their assistance.\n\n**WebKit**\n\nWe would like to acknowledge Andrey Kovalev of Yandex Security Team, David House of Kaiser Permanente, Radha Patnayakuni of Salesforce for their assistance.\n\nEntry updated October 8, 2019\n", "edition": 3, "modified": "2020-07-27T08:18:09", "published": 
"2020-07-27T08:18:09", "id": "APPLE:HT209599", "href": "https://support.apple.com/kb/HT209599", "title": "About the security content of iOS 12.2 - Apple Support", "type": "apple", "cvss": {"score": 9.4, "vector": "AV:N/AC:L/Au:N/C:N/I:C/A:C"}}]}