Red Hat Product Errata RHSA-2019:3898 - Security Advisory
Issued:
2019-11-18
Updated:
2019-11-18

RHSA-2019:3898 - Security Advisory

Synopsis

Moderate: libcomps security update

Type/Severity

Security Advisory: Moderate

Red Hat Lightspeed patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for libcomps is now available for Red Hat Enterprise Linux 7 Extras.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Libcomps is library for structure-like manipulation with content of comps XML files. Supports read/write XML file, structure(s) modification.

Security Fix(es):

  • libcomps: use after free when merging two objmrtrees (CVE-2019-3817)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Enterprise Linux Server 7 x86_64
  • Red Hat Enterprise Linux Workstation 7 x86_64
  • Red Hat Enterprise Linux Desktop 7 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 7 s390x
  • Red Hat Enterprise Linux for Power, little endian 7 ppc64le

Fixes

  • BZ - 1668005 - CVE-2019-3817 libcomps: use after free when merging two objmrtrees

Red Hat Enterprise Linux Server 7

SRPM
libcomps-0.1.8-13.el7.src.rpm SHA-256: 7270aa1aece40b36a1fb02d6ab416a839a935e35b832b8faefb9b02a1072ad3a
x86_64
libcomps-0.1.8-13.el7.x86_64.rpm SHA-256: 662915b22624cc0942e861baa39f7eea6353dc6a8727bf7937aa9805b00c8181
libcomps-debuginfo-0.1.8-13.el7.x86_64.rpm SHA-256: 07bd95962640cbac682ffe01bc0fcee59253872180d50449537ce6f3687cc3c9
libcomps-devel-0.1.8-13.el7.x86_64.rpm SHA-256: f4f8e0cccd54302bf2afbf06df1d5f3c09b6e79af6026dba0fc5fd3ccc9e4454
libcomps-doc-0.1.8-13.el7.noarch.rpm SHA-256: cb1852b36fa4e01d27313f8a541d3a9d6dabaf1f2cc192e0fc6d5695c7e933c8
python-libcomps-doc-0.1.8-13.el7.noarch.rpm SHA-256: b257db8d5c5d2861d8ff2fd84c038b317a2e7b3746e0e89b001eacca873227e5
python2-libcomps-0.1.8-13.el7.x86_64.rpm SHA-256: 72081b8f3f9fe9cb69479b121c00e54c23f26e7cea8e5d2d9c06b09178013126

Red Hat Enterprise Linux Workstation 7

SRPM
libcomps-0.1.8-13.el7.src.rpm SHA-256: 7270aa1aece40b36a1fb02d6ab416a839a935e35b832b8faefb9b02a1072ad3a
x86_64
libcomps-0.1.8-13.el7.x86_64.rpm SHA-256: 662915b22624cc0942e861baa39f7eea6353dc6a8727bf7937aa9805b00c8181
libcomps-debuginfo-0.1.8-13.el7.x86_64.rpm SHA-256: 07bd95962640cbac682ffe01bc0fcee59253872180d50449537ce6f3687cc3c9
libcomps-devel-0.1.8-13.el7.x86_64.rpm SHA-256: f4f8e0cccd54302bf2afbf06df1d5f3c09b6e79af6026dba0fc5fd3ccc9e4454
libcomps-doc-0.1.8-13.el7.noarch.rpm SHA-256: cb1852b36fa4e01d27313f8a541d3a9d6dabaf1f2cc192e0fc6d5695c7e933c8
python-libcomps-doc-0.1.8-13.el7.noarch.rpm SHA-256: b257db8d5c5d2861d8ff2fd84c038b317a2e7b3746e0e89b001eacca873227e5
python2-libcomps-0.1.8-13.el7.x86_64.rpm SHA-256: 72081b8f3f9fe9cb69479b121c00e54c23f26e7cea8e5d2d9c06b09178013126

Red Hat Enterprise Linux Desktop 7

SRPM
libcomps-0.1.8-13.el7.src.rpm SHA-256: 7270aa1aece40b36a1fb02d6ab416a839a935e35b832b8faefb9b02a1072ad3a
x86_64
libcomps-0.1.8-13.el7.x86_64.rpm SHA-256: 662915b22624cc0942e861baa39f7eea6353dc6a8727bf7937aa9805b00c8181
libcomps-debuginfo-0.1.8-13.el7.x86_64.rpm SHA-256: 07bd95962640cbac682ffe01bc0fcee59253872180d50449537ce6f3687cc3c9
libcomps-devel-0.1.8-13.el7.x86_64.rpm SHA-256: f4f8e0cccd54302bf2afbf06df1d5f3c09b6e79af6026dba0fc5fd3ccc9e4454
libcomps-doc-0.1.8-13.el7.noarch.rpm SHA-256: cb1852b36fa4e01d27313f8a541d3a9d6dabaf1f2cc192e0fc6d5695c7e933c8
python-libcomps-doc-0.1.8-13.el7.noarch.rpm SHA-256: b257db8d5c5d2861d8ff2fd84c038b317a2e7b3746e0e89b001eacca873227e5
python2-libcomps-0.1.8-13.el7.x86_64.rpm SHA-256: 72081b8f3f9fe9cb69479b121c00e54c23f26e7cea8e5d2d9c06b09178013126

Red Hat Enterprise Linux for IBM z Systems 7

SRPM
libcomps-0.1.8-13.el7.src.rpm SHA-256: 7270aa1aece40b36a1fb02d6ab416a839a935e35b832b8faefb9b02a1072ad3a
s390x
libcomps-0.1.8-13.el7.s390x.rpm SHA-256: f860ecce4cdd07bc085660b67ca3503522e77cb7756173533b88892c064fcb17
libcomps-debuginfo-0.1.8-13.el7.s390x.rpm SHA-256: 3b04e32a57332319bf2bf55c01f48478b0555b2e6bf57709cc321e959c7e7b67
libcomps-devel-0.1.8-13.el7.s390x.rpm SHA-256: b922cf744a8f72a80ff7d32fbd21be62e23bf1cc868c28e4abe028dd58023b3b
libcomps-doc-0.1.8-13.el7.noarch.rpm SHA-256: cb1852b36fa4e01d27313f8a541d3a9d6dabaf1f2cc192e0fc6d5695c7e933c8
python-libcomps-doc-0.1.8-13.el7.noarch.rpm SHA-256: b257db8d5c5d2861d8ff2fd84c038b317a2e7b3746e0e89b001eacca873227e5
python2-libcomps-0.1.8-13.el7.s390x.rpm SHA-256: 2002b0a1b33de7012bf0eaf8d0fdf75df17daeb759f9e5687e78a21319515fa4

Red Hat Enterprise Linux for Power, little endian 7

SRPM
libcomps-0.1.8-13.el7.src.rpm SHA-256: 7270aa1aece40b36a1fb02d6ab416a839a935e35b832b8faefb9b02a1072ad3a
ppc64le
libcomps-0.1.8-13.el7.ppc64le.rpm SHA-256: c517667175bd1c4accb689645cd039a1aecc0f71818ca5f18a6ad4d1bddd391f
libcomps-debuginfo-0.1.8-13.el7.ppc64le.rpm SHA-256: 57e2c2de88a58ac9c58bf675e1cac1e74cdf677b6131ddd61640aeac289d595a
libcomps-devel-0.1.8-13.el7.ppc64le.rpm SHA-256: e6d6f8821a9da780f45dda6381f803e6630fb185e56e81dc99cff91821e5f66d
libcomps-doc-0.1.8-13.el7.noarch.rpm SHA-256: cb1852b36fa4e01d27313f8a541d3a9d6dabaf1f2cc192e0fc6d5695c7e933c8
python-libcomps-doc-0.1.8-13.el7.noarch.rpm SHA-256: b257db8d5c5d2861d8ff2fd84c038b317a2e7b3746e0e89b001eacca873227e5
python2-libcomps-0.1.8-13.el7.ppc64le.rpm SHA-256: f125ede12ce759ca20053a84bb78db1e787245881e54776237f7c79f23d8bf15

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.