22 matches found
Slackware: Security Advisory (SSA:2019-054-01)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Mageia: Security Advisory (MGASA-2019-0118)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2019:0571-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Huawei EulerOS: Security Advisory for file (EulerOS-SA-2020-1845)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Photon OS 1.0: File PHSA-2020-1.0-0289
An update of the file package has been released. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2020-1.0-0289. The text itself is copyright C VMware, Inc. include'compat.inc'; if description scriptid136031;...
Photon OS 2.0: File PHSA-2020-2.0-0228
An update of the file package has been released. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2020-2.0-0228. The text itself is copyright C VMware, Inc. include'compat.inc'; if description scriptid135863;...
Photon OS 3.0: File PHSA-2020-3.0-0080
An update of the file package has been released. C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2020-3.0-0080. The text itself is copyright C VMware, Inc. include'compat.inc'; if description scriptid135790;...
openSUSE: Security Advisory for file (openSUSE-SU-2019:1197-1)
The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Amazon Linux AMI : file (ALAS-2019-1186)
dobidnote in readelf.c in libmagic.a has a stack-based buffer over-read, related to fileprintf and filevprintf. CVE-2019-8904 docorenote in readelf.c in libmagic.a has a stack-based buffer over-read, related to fileprintable, a different vulnerability than CVE-2018-10360 . CVE-2019-8905 docorenot...
USN-3911-1: file vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Canonical Ubuntu 18.04 Description It was discovered that file incorrectly handled certain malformed ELF files. An attacker could use this issue to cause a denial of service, or possibly execute arbitrary code. CVEs...
openSUSE Security Update : file (openSUSE-2019-345)
This update for file fixes the following issues : The following security vulnerabilities were addressed : - CVE-2018-10360: Fixed an out-of-bounds read in the function docorenote in readelf.c, which allowed remote attackers to cause a denial of service application crash via a crafted ELF file...
openSUSE: Security Advisory for file (openSUSE-SU-2019:0345-1)
The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Fedora 28 : file (2019-c90f32a130)
CVE-2019-8907 - remote denial of service in docorenote in readelf.c - CVE-2019-8905 - stack-based buffer over-read in docorenote in readelf.c - CVE-2019-8906 - out-of-bounds read in docorenote in readelf.c Note that Tenable Network Security has extracted the preceding description block directly...
SUSE SLED15 / SLES15 Security Update : file (SUSE-SU-2019:0571-1)
This update for file fixes the following issues : The following security vulnerabilities were addressed : CVE-2018-10360: Fixed an out-of-bounds read in the function docorenote in readelf.c, which allowed remote attackers to cause a denial of service application crash via a crafted ELF file...
Fedora 29 : file (2019-15f5147b27)
CVE-2019-8907 - remote denial of service in docorenote in readelf.c - CVE-2019-8905 - stack-based buffer over-read in docorenote in readelf.c - CVE-2019-8904 - stack-based buffer over-read in dobidnote in readelf.c - CVE-2019-8906 - out-of-bounds read in docorenote in readelf.c Note that Tenable...
[SECURITY] [DLA 1698-1] file security update
Package : file Version : 1:5.22+15-2+deb8u5 CVE ID : CVE-2019-8905 CVE-2019-8907 Potential buffer over-reads in readelf.c have been found in file, a popular file type guesser. For Debian 8 "Jessie", these problems have been fixed in version 1:5.22+15-2+deb8u5. We recommend that you upgrade your...
Debian: Security Advisory (DLA-1698-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Slackware 14.0 / 14.1 / 14.2 / current : file (SSA:2019-054-01)
New file packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Slackware Security Advisory 2019-054-01. The text itself is copyright C Slackware Linux,...
CVE-2019-8907
The CVE-2019-8907 issue affects the file utility (libmagic, static libmagic.a) in version 5.35, where do_core_note in readelf.c triggers a stack corruption/DoS (and possible other impact). The connected Arch Linux advisory (ALAS-2019-1186) documents multiple CVEs in file, including CVE-2019-8907,...
CVE-2019-8907
docorenote in readelf.c in libmagic.a in file 5.35 allows remote attackers to cause a denial of service stack corruption and application crash or possibly have unspecified other impact...