{
  "document": {
    "aggregate_severity": {
      "text": "Medium"
    },
    "category": "csaf_vex",
    "csaf_version": "2.0",
    "distribution": {
      "text": "TuxCare License Agreement",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Cloud Linux Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://tuxcare.com/contact/",
      "name": "TuxCare",
      "namespace": "https://tuxcare.com/"
    },
    "references": [
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.tuxcare.com/csaf/v2/els_os/centos8.4els/vex/2019/cve-2019-8607-els_os-centos8_4els.json"
      }
    ],
    "tracking": {
      "current_release_date": "2026-04-20T16:10:14Z",
      "generator": {
        "date": "2026-04-20T16:10:14Z",
        "engine": {
          "name": "pyCSAF"
        }
      },
      "id": "CVE-2019-8607-ELS_OS-CENTOS8.4ELS",
      "initial_release_date": "2019-12-18T18:15:00Z",
      "revision_history": [
        {
          "date": "2019-12-18T18:15:00Z",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2026-04-14T11:44:28Z",
          "number": "2",
          "summary": "Official Publication"
        },
        {
          "date": "2026-04-20T16:10:14Z",
          "number": "3",
          "summary": "Update document"
        }
      ],
      "status": "final",
      "version": "3"
    },
    "title": "Security update on CVE-2019-8607"
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Community Enterprise Operating System 8.4",
                "product": {
                  "name": "Community Enterprise Operating System 8.4",
                  "product_id": "CentOS-8.4",
                  "product_identification_helper": {
                    "cpe": "cpe:2.3:o:centos:centos:8.4:*:*:*:*:*:*:*"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Community Enterprise Operating System"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "file-roller-0:3.28.1-3.el8.4.x86_64",
                "product": {
                  "name": "file-roller-0:3.28.1-3.el8.4.x86_64",
                  "product_id": "file-roller-0:3.28.1-3.el8.4.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/centos/file-roller@3.28.1-3.el8.4?arch=x86_64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          }
        ],
        "category": "vendor",
        "name": "Red Hat, Inc."
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "file-roller-0:3.28.1-3.el8.4.tuxcare.els1.x86_64",
                "product": {
                  "name": "file-roller-0:3.28.1-3.el8.4.tuxcare.els1.x86_64",
                  "product_id": "file-roller-0:3.28.1-3.el8.4.tuxcare.els1.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/tuxcare/file-roller@3.28.1-3.el8.4.tuxcare.els1?arch=x86_64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          }
        ],
        "category": "vendor",
        "name": "TuxCare"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "file-roller-0:3.28.1-3.el8.4.tuxcare.els1.x86_64 as a component of Community Enterprise Operating System 8.4",
          "product_id": "CentOS-8.4:file-roller-0:3.28.1-3.el8.4.tuxcare.els1.x86_64"
        },
        "product_reference": "file-roller-0:3.28.1-3.el8.4.tuxcare.els1.x86_64",
        "relates_to_product_reference": "CentOS-8.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "file-roller-0:3.28.1-3.el8.4.x86_64 as a component of Community Enterprise Operating System 8.4",
          "product_id": "CentOS-8.4:file-roller-0:3.28.1-3.el8.4.x86_64"
        },
        "product_reference": "file-roller-0:3.28.1-3.el8.4.x86_64",
        "relates_to_product_reference": "CentOS-8.4"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2019-8607",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "notes": [
        {
          "category": "description",
          "text": "An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may result in the disclosure of process memory.",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "known_affected": [
          "CentOS-8.4:file-roller-0:3.28.1-3.el8.4.tuxcare.els1.x86_64",
          "CentOS-8.4:file-roller-0:3.28.1-3.el8.4.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2019-8607"
        },
        {
          "category": "external",
          "summary": "https://support.apple.com/HT210118",
          "url": "https://support.apple.com/HT210118"
        },
        {
          "category": "external",
          "summary": "https://support.apple.com/HT210119",
          "url": "https://support.apple.com/HT210119"
        },
        {
          "category": "external",
          "summary": "https://support.apple.com/HT210120",
          "url": "https://support.apple.com/HT210120"
        },
        {
          "category": "external",
          "summary": "https://support.apple.com/HT210122",
          "url": "https://support.apple.com/HT210122"
        },
        {
          "category": "external",
          "summary": "https://support.apple.com/HT210123",
          "url": "https://support.apple.com/HT210123"
        },
        {
          "category": "external",
          "summary": "https://support.apple.com/HT210124",
          "url": "https://support.apple.com/HT210124"
        },
        {
          "category": "external",
          "summary": "https://support.apple.com/HT210125",
          "url": "https://support.apple.com/HT210125"
        },
        {
          "category": "external",
          "summary": "https://support.apple.com/HT210212",
          "url": "https://support.apple.com/HT210212"
        }
      ],
      "release_date": "2019-12-18T18:15:00Z",
      "remediations": [
        {
          "category": "no_fix_planned",
          "details": "This vulnerability is an out-of-bounds read in WebKit (also affecting WebKitGTK) that requires a user to actively load malicious web content and only results in disclosure of memory from the rendering process, with no integrity or availability impact. Enterprise Linux server/VM deployments typically omit WebKit-based GUI stacks and do not browse untrusted web content, so the prerequisite conditions for exploitation are absent in such deployments. Hosts that do install a WebKit-based desktop stack and render untrusted web content do not meet that assumption. Fixes have been available since 2019 across affected platforms, further limiting any realistic exposure in managed enterprise environments.",
          "product_ids": [
            "CentOS-8.4:file-roller-0:3.28.1-3.el8.4.tuxcare.els1.x86_64",
            "CentOS-8.4:file-roller-0:3.28.1-3.el8.4.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "CentOS-8.4:file-roller-0:3.28.1-3.el8.4.tuxcare.els1.x86_64",
            "CentOS-8.4:file-roller-0:3.28.1-3.el8.4.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ]
    }
  ]
}