--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2019-c90f32a130
2019-03-12 21:43:59.599192
--------------------------------------------------------------------------------
Name : file
Product : Fedora 28
Version : 5.33
Release : 10.fc28
URL : http://www.darwinsys.com/file/
Summary : A utility for determining file types
Description :
The file command is used to identify a particular file according to the
type of data contained by the file. File can identify many different
file types, including ELF binaries, system libraries, RPM packages, and
different graphics formats.
--------------------------------------------------------------------------------
Update Information:
- CVE-2019-8907 - remote denial of service in do_core_note in readelf.c
- CVE-2019-8905 - stack-based buffer over-read in do_core_note in readelf.c
- CVE-2019-8906 - out-of-bounds read in do_core_note in readelf.c
--------------------------------------------------------------------------------
ChangeLog:
* Mon Feb 25 2019 Kamil Dudka <kdudka(a)redhat.com> - 5.33-10
- remote denial of service in do_core_note in readelf.c (CVE-2019-8907)
- stack-based buffer over-read in do_core_note in readelf.c (CVE-2019-8905)
- out-of-bounds read in do_core_note in readelf.c (CVE-2019-8906)
* Mon Nov 12 2018 Kamil Dudka <kdudka(a)redhat.com> - 5.33-9
- add magic for eBPF objects (#1648667)
* Mon Nov 5 2018 Kamil Dudka <kdudka(a)redhat.com> - 5.33-8
- fix memory leak on an error path
* Tue Jul 17 2018 Kamil Dudka <kdudka(a)redhat.com> - 5.33-7
- show details about ppc swap partition (#1224668)
- support longer version strings for clamav database (#1539107)
* Wed Jun 13 2018 Kamil Dudka <kdudka(a)redhat.com> - 5.33-6
- fix out-of-bounds read via a crafted ELF file (CVE-2018-10360)
* Thu May 24 2018 Kamil Dudka <kdudka(a)redhat.com> - 5.33-5
- do not classify shared libraries as pie executables in MIME output (#1581343)
* Tue May 22 2018 Kamil Dudka <kdudka(a)redhat.com> - 5.33-4
- do not classify shared libraries as pie executables (#1581343)
- seccomp: fix build failure due to missing syscalls
* Mon Apr 30 2018 Miro Hrončok <mhroncok(a)redhat.com> - 5.33-3
- Update Python macros to new packaging standards
(See https://fedoraproject.org/wiki/Changes/Avoid_usr_bin_python_in_RPM_Build)
* Wed Apr 18 2018 Kamil Dudka <kdudka(a)redhat.com> - 5.33-2
- increase strength of GIF to beat MBR (#1515180)
* Mon Apr 16 2018 Kamil Dudka <kdudka(a)redhat.com> - 5.33-1
- update to new version 5.33
* Wed Mar 28 2018 Kamil Dudka <kdudka(a)redhat.com> - 5.32-4
- make the python2-magic subpackage optional
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1679182 - CVE-2019-8905 file: stack-based buffer over-read in do_core_note in readelf.c [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1679182
[ 2 ] Bug #1679176 - CVE-2019-8906 file: out-of-bounds read in do_core_note in readelf.c [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1679176
[ 3 ] Bug #1679139 - CVE-2019-8907 file: do_core_note in readelf.c allows remote attackers to cause a denial of service [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1679139
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2019-c90f32a130' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------