CVE-2017-1000249 Amazon Linux Security Advisory for file: AL2012-2017-218

Vulnerability category: Amazon Linux

Severity:

Vulnerability information

Package updates are available for Amazon Linux that fix the following vulnerabilities:
CVE-2017-1000249: 1488053: CVE-2017-1000249 file: Stack-based buffer overflow in do_bid_note(). An issue in file(), introduced in commit 9611f31313a93aa036389c5f3b15eea53510d4d1 (Oct 2016), lets an attacker overwrite a fixed 20-byte stack buffer with a specially crafted .notes section in an ELF binary. This was fixed in commit 35c94dc6acc418f1ad7f6241a6680e5327495793 (Aug 2017).

QID Detection Logic (Authenticated):
This QID checks whether the installed versions of the following packages are lower than 5.22-3.26.al12: file, file-devel, file-static, file-debuginfo, file-libs, python-magic
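The version check described above can be reproduced offline. The following is an added example, not code from the scanner vendor or from Amazon. It assumes a package inventory already collected as name to version-release pairs, uses a simplified RPM-style comparison (no epoch or tilde handling), and its sample inventory is constructed.

```python
import re

FIXED = "5.22-3.26.al12"  # fixed version-release stated in the advisory
PACKAGES = ("file", "file-devel", "file-static", "file-debuginfo",
            "file-libs", "python-magic")

def rpmvercmp(a, b):
    """Simplified RPM segment comparison: returns -1, 0 or 1."""
    # RPM compares runs of digits or letters; separators only delimit them.
    sa = re.findall(r"\d+|[A-Za-z]+", a)
    sb = re.findall(r"\d+|[A-Za-z]+", b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)            # numeric compare, so 9 < 22
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # a numeric segment beats an alpha one
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with segments left over is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def evr_cmp(a, b):
    """Compare two 'version-release' strings, version first, then release."""
    va, ra = a.rsplit("-", 1)
    vb, rb = b.rsplit("-", 1)
    return rpmvercmp(va, vb) or rpmvercmp(ra, rb)

def vulnerable(installed):
    """Return the advisory packages whose version-release is below FIXED."""
    return sorted(name for name, vr in installed.items()
                  if name in PACKAGES and evr_cmp(vr, FIXED) < 0)

# Constructed sample inventory (hypothetical host, not real scan data).
SAMPLE = {
    "file": "5.22-3.26.al12",         # at the fixed level
    "file-libs": "5.22-3.25.al12",    # older release
    "python-magic": "5.9-1.2.al12",   # 5.9 < 5.22 numerically, not as a string
    "openssl": "1.0.1k-1.84.al12",    # not covered by this advisory
}

if __name__ == "__main__":
    for name in vulnerable(SAMPLE):
        print(f"{name} {SAMPLE[name]} is below {FIXED}")
```

A plain string comparison would rank 5.9 above 5.22 and miss the python-magic entry, which is why the check compares segment by segment.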

Impact

Allows unauthorized disclosure of information; allows unauthorized modification; allows disruption of service.

Solution

Administrators are advised to apply the appropriate software updates.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

AL2012-2017-218
