Описание
Security update for file
This update for file fixes the following issues:
The following security vulnerabilities were addressed:
- Fixed an out-of-bounds read in the function do_core_note in readelf.c, which allowed remote attackers to cause a denial of service (application crash) via a crafted ELF file (bsc#1096974 CVE-2018-10360).
- CVE-2019-8905: Fixed a stack-based buffer over-read in do_core_note in readelf.c (bsc#1126118)
- CVE-2019-8906: Fixed an out-of-bounds read in do_core_note in readelf. c (bsc#1126119)
- CVE-2019-8907: Fixed a stack corruption in do_core_note in readelf.c (bsc#1126117)
Список пакетов
Container caasp/v4/nginx-ingress-controller:beta1
file-5.22-10.12.2
file-magic-5.22-10.12.2
libmagic1-5.22-10.12.2
Container suse/ltss/sle12.5/sles12sp5:latest
file-magic-5.22-10.12.2
libmagic1-5.22-10.12.2
Container suse/sles12sp3:latest
file-5.22-10.12.2
file-magic-5.22-10.12.2
libmagic1-5.22-10.12.2
Container suse/sles12sp4:latest
file-magic-5.22-10.12.2
libmagic1-5.22-10.12.2
Container suse/sles12sp5:latest
file-magic-5.22-10.12.2
libmagic1-5.22-10.12.2
Image SLES12-SP5-Azure-BYOS
file-5.22-10.12.2
file-magic-5.22-10.12.2
libmagic1-5.22-10.12.2
Image SLES12-SP5-Azure-Basic-On-Demand
file-5.22-10.12.2
file-magic-5.22-10.12.2
libmagic1-5.22-10.12.2
Image SLES12-SP5-Azure-HPC-BYOS
file-5.22-10.12.2
file-magic-5.22-10.12.2
libmagic1-5.22-10.12.2
Image SLES12-SP5-Azure-HPC-On-Demand
file-5.22-10.12.2
file-magic-5.22-10.12.2
libmagic1-5.22-10.12.2
Image SLES12-SP5-Azure-SAP-BYOS
file-5.22-10.12.2
file-magic-5.22-10.12.2
libmagic1-5.22-10.12.2
Image SLES12-SP5-Azure-SAP-On-Demand
file-5.22-10.12.2
file-magic-5.22-10.12.2
libmagic1-5.22-10.12.2
Image SLES12-SP5-Azure-Standard-On-Demand
file-5.22-10.12.2
file-magic-5.22-10.12.2
libmagic1-5.22-10.12.2
Image SLES12-SP5-EC2-BYOS
file-5.22-10.12.2
file-magic-5.22-10.12.2
libmagic1-5.22-10.12.2
Image SLES12-SP5-EC2-ECS-On-Demand
file-5.22-10.12.2
file-magic-5.22-10.12.2
libmagic1-5.22-10.12.2
Image SLES12-SP5-EC2-On-Demand
file-5.22-10.12.2
file-magic-5.22-10.12.2
libmagic1-5.22-10.12.2
Image SLES12-SP5-EC2-SAP-BYOS
file-5.22-10.12.2
file-magic-5.22-10.12.2
libmagic1-5.22-10.12.2
Image SLES12-SP5-EC2-SAP-On-Demand
file-5.22-10.12.2
file-magic-5.22-10.12.2
libmagic1-5.22-10.12.2
Image SLES12-SP5-GCE-BYOS
file-5.22-10.12.2
file-magic-5.22-10.12.2
libmagic1-5.22-10.12.2
Image SLES12-SP5-GCE-On-Demand
file-5.22-10.12.2
file-magic-5.22-10.12.2
libmagic1-5.22-10.12.2
Image SLES12-SP5-GCE-SAP-BYOS
file-5.22-10.12.2
file-magic-5.22-10.12.2
libmagic1-5.22-10.12.2
Image SLES12-SP5-GCE-SAP-On-Demand
file-5.22-10.12.2
file-magic-5.22-10.12.2
libmagic1-5.22-10.12.2
Image SLES12-SP5-OCI-BYOS-BYOS
file-5.22-10.12.2
file-magic-5.22-10.12.2
libmagic1-5.22-10.12.2
Image SLES12-SP5-OCI-BYOS-SAP-BYOS
file-5.22-10.12.2
file-magic-5.22-10.12.2
libmagic1-5.22-10.12.2
Image SLES12-SP5-SAP-Azure-LI-BYOS-Production
file-5.22-10.12.2
file-magic-5.22-10.12.2
libmagic1-5.22-10.12.2
Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production
file-5.22-10.12.2
file-magic-5.22-10.12.2
libmagic1-5.22-10.12.2
SUSE Linux Enterprise Desktop 12 SP3
file-5.22-10.12.2
file-magic-5.22-10.12.2
libmagic1-5.22-10.12.2
libmagic1-32bit-5.22-10.12.2
SUSE Linux Enterprise Desktop 12 SP4
file-5.22-10.12.2
file-magic-5.22-10.12.2
libmagic1-5.22-10.12.2
libmagic1-32bit-5.22-10.12.2
SUSE Linux Enterprise Server 12 SP3
file-5.22-10.12.2
file-magic-5.22-10.12.2
libmagic1-5.22-10.12.2
libmagic1-32bit-5.22-10.12.2
SUSE Linux Enterprise Server 12 SP4
file-5.22-10.12.2
file-magic-5.22-10.12.2
libmagic1-5.22-10.12.2
libmagic1-32bit-5.22-10.12.2
SUSE Linux Enterprise Server for SAP Applications 12 SP3
file-5.22-10.12.2
file-magic-5.22-10.12.2
libmagic1-5.22-10.12.2
libmagic1-32bit-5.22-10.12.2
SUSE Linux Enterprise Server for SAP Applications 12 SP4
file-5.22-10.12.2
file-magic-5.22-10.12.2
libmagic1-5.22-10.12.2
libmagic1-32bit-5.22-10.12.2
SUSE Linux Enterprise Software Development Kit 12 SP3
file-devel-5.22-10.12.2
python-magic-5.22-10.12.2
SUSE Linux Enterprise Software Development Kit 12 SP4
file-devel-5.22-10.12.2
python-magic-5.22-10.12.2
Ссылки
- Link for SUSE-SU-2019:0839-1
- E-Mail link for SUSE-SU-2019:0839-1
- SUSE Security Ratings
- SUSE Bug 1096974
- SUSE Bug 1096984
- SUSE Bug 1126117
- SUSE Bug 1126118
- SUSE Bug 1126119
- SUSE CVE CVE-2018-10360 page
- SUSE CVE CVE-2019-8905 page
- SUSE CVE CVE-2019-8906 page
- SUSE CVE CVE-2019-8907 page
Описание
The do_core_note function in readelf.c in libmagic.a in file 5.33 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted ELF file.
Затронутые продукты
Container caasp/v4/nginx-ingress-controller:beta1:file-5.22-10.12.2
Container caasp/v4/nginx-ingress-controller:beta1:file-magic-5.22-10.12.2
Container caasp/v4/nginx-ingress-controller:beta1:libmagic1-5.22-10.12.2
Container suse/ltss/sle12.5/sles12sp5:latest:file-magic-5.22-10.12.2
Ссылки
- CVE-2018-10360
- SUSE Bug 1096974
- SUSE Bug 1096984
- SUSE Bug 1126118
Описание
do_core_note in readelf.c in libmagic.a in file 5.35 has a stack-based buffer over-read, related to file_printable, a different vulnerability than CVE-2018-10360.
Затронутые продукты
Container caasp/v4/nginx-ingress-controller:beta1:file-5.22-10.12.2
Container caasp/v4/nginx-ingress-controller:beta1:file-magic-5.22-10.12.2
Container caasp/v4/nginx-ingress-controller:beta1:libmagic1-5.22-10.12.2
Container suse/ltss/sle12.5/sles12sp5:latest:file-magic-5.22-10.12.2
Ссылки
- CVE-2019-8905
- SUSE Bug 1126117
- SUSE Bug 1126118
Описание
do_core_note in readelf.c in libmagic.a in file 5.35 has an out-of-bounds read because memcpy is misused.
Затронутые продукты
Container caasp/v4/nginx-ingress-controller:beta1:file-5.22-10.12.2
Container caasp/v4/nginx-ingress-controller:beta1:file-magic-5.22-10.12.2
Container caasp/v4/nginx-ingress-controller:beta1:libmagic1-5.22-10.12.2
Container suse/ltss/sle12.5/sles12sp5:latest:file-magic-5.22-10.12.2
Ссылки
- CVE-2019-8906
- SUSE Bug 1126119
Описание
do_core_note in readelf.c in libmagic.a in file 5.35 allows remote attackers to cause a denial of service (stack corruption and application crash) or possibly have unspecified other impact.
Затронутые продукты
Container caasp/v4/nginx-ingress-controller:beta1:file-5.22-10.12.2
Container caasp/v4/nginx-ingress-controller:beta1:file-magic-5.22-10.12.2
Container caasp/v4/nginx-ingress-controller:beta1:libmagic1-5.22-10.12.2
Container suse/ltss/sle12.5/sles12sp5:latest:file-magic-5.22-10.12.2
Ссылки
- CVE-2019-8907
- SUSE Bug 1126117