vulnerability

CentOS Linux: CVE-2019-3817: Moderate: yum security, bug fix, and enhancement update (Multiple Advisories)

Severity
7
CVSS
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
Published
Mar 27, 2019
Added
Nov 6, 2019
Modified
May 25, 2023

Description

A use-after-free flaw has been discovered in libcomps before version 0.1.10 in the way ObjMRTrees are merged. An attacker, who is able to make an application read a crafted comps XML file, may be able to crash the application or execute malicious code.

Solution(s)

centos-upgrade-createrepo_ccentos-upgrade-createrepo_c-debuginfocentos-upgrade-createrepo_c-debugsourcecentos-upgrade-createrepo_c-develcentos-upgrade-createrepo_c-libscentos-upgrade-createrepo_c-libs-debuginfocentos-upgrade-dnfcentos-upgrade-dnf-automaticcentos-upgrade-dnf-datacentos-upgrade-dnf-plugins-corecentos-upgrade-libcompscentos-upgrade-libcomps-debuginfocentos-upgrade-libcomps-debugsourcecentos-upgrade-libcomps-develcentos-upgrade-libcomps-doccentos-upgrade-libdnfcentos-upgrade-libdnf-debuginfocentos-upgrade-libdnf-debugsourcecentos-upgrade-librepocentos-upgrade-librepo-debuginfocentos-upgrade-librepo-debugsourcecentos-upgrade-librhsmcentos-upgrade-librhsm-debuginfocentos-upgrade-librhsm-debugsourcecentos-upgrade-libsolvcentos-upgrade-libsolv-debuginfocentos-upgrade-libsolv-debugsourcecentos-upgrade-libsolv-demo-debuginfocentos-upgrade-libsolv-tools-debuginfocentos-upgrade-microdnfcentos-upgrade-microdnf-debuginfocentos-upgrade-microdnf-debugsourcecentos-upgrade-perl-solv-debuginfocentos-upgrade-python-libcomps-doccentos-upgrade-python2-libcompscentos-upgrade-python3-createrepo_ccentos-upgrade-python3-createrepo_c-debuginfocentos-upgrade-python3-dnfcentos-upgrade-python3-dnf-plugin-versionlockcentos-upgrade-python3-dnf-plugins-corecentos-upgrade-python3-hawkeycentos-upgrade-python3-hawkey-debuginfocentos-upgrade-python3-libcompscentos-upgrade-python3-libcomps-debuginfocentos-upgrade-python3-libdnfcentos-upgrade-python3-libdnf-debuginfocentos-upgrade-python3-librepocentos-upgrade-python3-librepo-debuginfocentos-upgrade-python3-solv-debuginfocentos-upgrade-ruby-solv-debuginfocentos-upgrade-yumcentos-upgrade-yum-utils
Title
NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.