MGASA-2019-0022
- Source
- https://advisories.mageia.org/MGASA-2019-0022.html
- Import Source
- https://advisories.mageia.org/MGASA-2019-0022.json
- JSON Data
- https://api.osv.dev/v1/vulns/MGASA-2019-0022
- Related
- Published
- 2019-01-08T21:50:23Z
- Modified
- 2019-01-08T21:23:03Z
- Summary
- Updated coreutils packages fix security vulnerabilities
- Details
-
A flaw was found in GNU Coreutils through 8.29 in chown-core.c. The functions chown and chgrp do not prevent replacement of a plain file with a symlink during use of the POSIX "-R -L" options, which allows local users to modify the ownership of arbitrary files by leveraging a race condition (CVE-2017-18018).
A flaw was found in Gnulib before 2018-09-23. The converttodecimal function in vasnprintf.c has a heap-based buffer overflow because memory is not allocated for a trailing '\0' character during %f processing (CVE-2018-17942).
- References
-
- https://advisories.mageia.org/MGASA-2019-0022.html
- https://bugs.mageia.org/show_bug.cgi?id=23825
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/JK2ISMPYUEU3JS3L7AVXEHWCI56INCJJ/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/4ZP6L5HXDOVKYTM5ELLYE64H75MT4LZR/
- https://bugs.mageia.org/show_bug.cgi?id=22495
- Credits
-
-
- Mageia - COORDINATOR
-
Affected packages
Mageia:6 / coreutils
Package
- Name
- coreutils
- Purl
- pkg:rpm/mageia/coreutils?arch=source&distro=mageia-6