Severity: Medium
Vendor: Canonical Ubuntu
USN-3911-1 fixed vulnerabilities in file. One of the backported security fixes introduced a regression that caused the interpreter string to be truncated. This update fixes the problem.
We apologize for the inconvenience.
Original advisory details:
It was discovered that file incorrectly handled certain malformed ELF files. An attacker could use this issue to cause a denial of service, or possibly execute arbitrary code.
CVEs contained in this USN include: CVE-2019-8904, CVE-2019-8905, CVE-2019-8906, CVE-2019-8907.
Severity is medium unless otherwise noted.
Users of affected products are strongly encouraged to follow the mitigations below. The Cloud Foundry project recommends upgrading the following releases:
2020-05-13: Initial vulnerability report published.
| CPE | Name | Operator | Version |
|---|---|---|---|
| | cflinuxfs3 | lt | 0.179.0 |
| | xenial stemcells | lt | 170.220 |
| | xenial stemcells | lt | 250.199 |
| | xenial stemcells | lt | 315.184 |
| | xenial stemcells | lt | 456.113 |
| | xenial stemcells | lt | 621.75 |