ALAS-2019-1326


Amazon Linux AMI Security Advisory: ALAS-2019-1326
Advisory Release Date: 2019-12-19 18:14 Pacific
Severity: Medium
References: CVE-2019-18218 

Issue Overview:

cdf_read_property_info in cdf.c in file through 5.37 does not restrict the number of CDF_VECTOR elements, which allows a heap-based buffer overflow (4-byte out-of-bounds write). (CVE-2019-18218 )


Affected Packages:

file


Issue Correction:
Run yum update file to update your system.

New Packages:
i686:
    file-debuginfo-5.37-8.48.amzn1.i686
    file-devel-5.37-8.48.amzn1.i686
    file-libs-5.37-8.48.amzn1.i686
    file-5.37-8.48.amzn1.i686
    file-static-5.37-8.48.amzn1.i686

noarch:
    python27-magic-5.37-8.48.amzn1.noarch
    python26-magic-5.37-8.48.amzn1.noarch

src:
    file-5.37-8.48.amzn1.src

x86_64:
    file-libs-5.37-8.48.amzn1.x86_64
    file-static-5.37-8.48.amzn1.x86_64
    file-debuginfo-5.37-8.48.amzn1.x86_64
    file-5.37-8.48.amzn1.x86_64
    file-devel-5.37-8.48.amzn1.x86_64