{"id":"MGASA-2019-0118","summary":"Updated file packages fix security vulnerabilities","details":"The updated file packages fix security vulnerabilities:\n\ndo_core_note in readelf.c in libmagic.a in file 5.35 has a stack-based\nbuffer over-read, related to file_printable, a different vulnerability\nthan CVE-2018-10360. (CVE-2019-8905)\n\ndo_core_note in readelf.c in libmagic.a in file 5.35 allows remote\nattackers to cause a denial of service (stack corruption and application\ncrash) or possibly have unspecified other impact. (CVE-2019-8907)\n","modified":"2026-02-02T14:08:20.154744Z","published":"2019-03-29T15:51:06Z","related":["CVE-2019-8905","CVE-2019-8907"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2019-0118.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=24498"},{"type":"REPORT","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/4JG7FM7W3R4C4P5R4PFNBYEGTQHASG2O/"},{"type":"REPORT","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/5DKJLTXLQCKG4GQNC5JUDGVGAJAJJ2K3/"},{"type":"REPORT","url":"https://lists.suse.com/pipermail/sle-security-updates/2019-March/005176.html"},{"type":"REPORT","url":"https://usn.ubuntu.com/3911-1/"},{"type":"REPORT","url":"https://lists.opensuse.org/opensuse-updates/2019-03/msg00076.html"}],"affected":[{"package":{"name":"file","ecosystem":"Mageia:6","purl":"pkg:rpm/mageia/file?arch=source&distro=mageia-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.25-5.2.mga6"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2019-0118.json"}}],"schema_version":"1.7.3","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}