Amazon Linux 1 Security Advisory: ALAS-2019-1326
Advisory Release Date: 2019-12-13 21:12 Pacific
Advisory Updated Date: 2019-12-19 18:14 Pacific
cdf_read_property_info in cdf.c in file through 5.37 does not restrict the number of CDF_VECTOR elements, which allows a heap-based buffer overflow (4-byte out-of-bounds write). (CVE-2019-18218)
Affected Packages:
file
Issue Correction:
Run yum update file to update your system.
i686:
file-debuginfo-5.37-8.48.amzn1.i686
file-devel-5.37-8.48.amzn1.i686
file-libs-5.37-8.48.amzn1.i686
file-5.37-8.48.amzn1.i686
file-static-5.37-8.48.amzn1.i686
noarch:
python27-magic-5.37-8.48.amzn1.noarch
python26-magic-5.37-8.48.amzn1.noarch
src:
file-5.37-8.48.amzn1.src
x86_64:
file-libs-5.37-8.48.amzn1.x86_64
file-static-5.37-8.48.amzn1.x86_64
file-debuginfo-5.37-8.48.amzn1.x86_64
file-5.37-8.48.amzn1.x86_64
file-devel-5.37-8.48.amzn1.x86_64