ALAS2-2020-1452

Affecting file-libs package, versions <5.11-36.amzn2.0.1

Report new vulnerabilities
low severity
Do your applications use this vulnerable package? Test your applications

Overview

Affected versions of this package are vulnerable to ALAS2-2020-1452. Package updates are available for Amazon Linux 2 that fix the following vulnerabilities: CVE-2018-10360: The do_core_note function in readelf.c in libmagic.a in file 5.33 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted ELF file. 1590000: CVE-2018-10360 file: out-of-bounds read via a crafted ELF file

Remediation

Upgrade file-libs to version or higher.

References

CVE
ALAS2-2020-1452
Snyk ID
SNYK-AMZN2-FILELIBS-585767
Published
16 Jul, 2020