VDB

GCVE-VVD-MAGEIA-2019-22

GCVE-VVD-MAGEIA-2019-22
Advisory Published
Vulnetix · Advisory published March 14, 2019
A flaw was found in GNU Coreutils through 8.29 in chown-core.c. The functions chown and chgrp do not prevent replacement of a plain file with a symlink during use of the POSIX "-R -L" options, which allows local users to modify the ownership of arbitrary files by leveraging a race condition (CVE-2017-18018). A flaw was found in Gnulib before 2018-09-23. The convert_to_decimal function in vasnprintf.c has a heap-based buffer overflow because memory is not allocated for a trailing '\0' character during %f processing (CVE-2018-17942).
Download JSON Open in Console

Affected Products

VendorProductVersionsPlatforms
Mageiataglib0 (affected), 1.11.1-1.3.mga6 (unaffected)
Mageiacoreutils0 (affected), 8.25-3.1.mga6 (unaffected), 0 (affected), 8.25-3.1.mga6 (unaffected)

Aliases

CVE-2018-17942CVE-2017-18018

Transitive aliases

VVD-GENTOO-2020-714974VVD-GENTOO-2020-713104VVD-GENTOO-2020-714976VVD-GENTOO-2020-714982VVD-GENTOO-2020-714936VVD-GENTOO-2020-714938VVD-GENTOO-2020-714950VVD-GENTOO-2020-714996VVD-GENTOO-2020-714990EUVD-2017-9158CVE-2007-5795EUVD-2007-5765VVD-GENTOO-2020-714944VVD-GENTOO-2020-714966VVD-GENTOO-2020-714984VVD-GENTOO-2020-714942VVD-GENTOO-2020-714964VVD-GENTOO-2020-714998OPENSUSE-SU-2024:10735-1VVD-GENTOO-2007-197958VVD-GENTOO-2020-714960VVD-GENTOO-2020-714986VVD-GENTOO-2020-714968VVD-CISA-2017-18018OPENSUSE-SU-2024:10694-1VVD-GENTOO-2020-714956VVD-GENTOO-2020-714970VVD-GENTOO-2020-714948VVD-GENTOO-2020-714940CNVD-2017-06995GSD-2017-7476EUVD-2017-16497GHSA-qf2q-r4v7-rv34VVD-GENTOO-2020-714952VVD-GENTOO-2020-715002CVE-2017-7476GHSA-m9rq-c483-gg38VVD-GENTOO-2020-714954GHSA-xwh4-p62h-wq65VVD-GENTOO-2020-714980VVD-GENTOO-2020-714958VVD-GENTOO-2020-714994GSD-2018-17942VVD-GENTOO-2020-714962VVD-GENTOO-2020-714934VVD-GENTOO-2020-714972VVD-GENTOO-2020-714988EUVD-2018-9683VVD-GENTOO-2020-714992VVD-GENTOO-2020-714978VVD-GENTOO-2020-715000

References

Updated coreutils packages fix security vulnerabilities
advisory
Updated coreutils packages fix security vulnerabilities
issue
Updated coreutils packages fix security vulnerabilities
issue
Updated coreutils packages fix security vulnerabilities
issue
Updated coreutils packages fix security vulnerabilities
issue
Updated taglib packages fix file corruption
advisory
Updated taglib packages fix file corruption
issue
Updated taglib packages fix file corruption
issue

Browse GCVE Records

100 records in the GCVE database · Updated April 16, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

Open in Console Download JSON
$ Console Community · 100/wk Open console ›