Rapid7 Vulnerability & Exploit Database

SUSE: CVE-2019-19451: SUSE Linux Security Advisory

Severity: 5
CVSS: (AV:L/AC:L/Au:N/C:N/I:N/A:C)
Published: 11/29/2019
Created: 12/31/2019
Added: 12/28/2019
Modified: 10/22/2021

Description

When GNOME Dia before 2019-11-27 is launched with a filename argument that is not a valid codepoint in the current encoding, it enters an endless loop, thus endlessly writing text to stdout. If this launch is from a thumbnailer service, this output will usually be written to disk via the system's logging facility (potentially with elevated privileges), thus filling up the disk and eventually rendering the system unusable. (The filename can be for a nonexistent file.) NOTE: this does not affect an upstream release, but affects certain Linux distribution packages with version numbers such as 0.97.3.
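The trigger condition described above is a file name whose bytes are not valid text in the current encoding. The following added example (not part of the advisory or of Dia's code) is a defender-side check that lists such names under a directory so they can be renamed or quarantined before a thumbnailer processes them. It assumes the relevant encoding is the one Python reports as the filesystem encoding unless another is passed in; the function names and sample names are constructed for illustration.

```python
import os
import sys


def undecodable_names(names, encoding):
    """Return the byte-string names that are not valid text in `encoding`."""
    bad = []
    for raw in names:
        try:
            raw.decode(encoding, errors="strict")
        except UnicodeDecodeError:
            bad.append(raw)
    return bad


def scan_tree(root, encoding=None):
    """Walk `root` with byte paths and return the full paths (as bytes) of
    files and directories whose name fails to decode in `encoding`."""
    # Assumption: the filesystem encoding stands in for "the current encoding".
    encoding = encoding or sys.getfilesystemencoding()
    hits = []
    # Walking with a bytes root makes os.walk yield raw byte names, so
    # invalid sequences are seen as-is instead of being escaped.
    for dirpath, dirs, files in os.walk(os.fsencode(root)):
        for raw in undecodable_names(dirs + files, encoding):
            hits.append(os.path.join(dirpath, raw))
    return hits


# Constructed sample names: plain ASCII, valid UTF-8, a Latin-1 encoded
# name, and a byte sequence that is never valid UTF-8.
SAMPLE = [b"network.dia", b"r\xc3\xa9seau.dia", b"r\xe9seau.dia", b"\xff\xfe.dia"]

if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for path in scan_tree(root):
        # repr() keeps the raw bytes visible and cannot fail on output.
        print(repr(path))
```

A name that is valid under one encoding can be invalid under another, so run the check with the encoding of the session in which the thumbnailer runs.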

Solution(s)

  • suse-upgrade-dia
  • suse-upgrade-dia-lang
