Описание
Security update for file
This update for file fixes the following issues:
The following security vulnerabilities were addressed:
- Fixed an out-of-bounds read in the function do_core_note in readelf.c, which allowed remote attackers to cause a denial of service (application crash) via a crafted ELF file (bsc#1096974 CVE-2018-10360).
- CVE-2019-8905: Fixed a stack-based buffer over-read in do_core_note in readelf.c (bsc#1126118)
- CVE-2019-8906: Fixed an out-of-bounds read in do_core_note in readelf. c (bsc#1126119)
- CVE-2019-8907: Fixed a stack corruption in do_core_note in readelf.c (bsc#1126117)
This update was imported from the SUSE:SLE-12:Update update project.
Список пакетов
openSUSE Leap 42.3
Ссылки
- E-Mail link for openSUSE-SU-2019:1197-1
- SUSE Security Ratings
Описание
The do_core_note function in readelf.c in libmagic.a in file 5.33 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted ELF file.
Затронутые продукты
Ссылки
- CVE-2018-10360
- SUSE Bug 1096974
- SUSE Bug 1096984
- SUSE Bug 1126118
Описание
do_core_note in readelf.c in libmagic.a in file 5.35 has a stack-based buffer over-read, related to file_printable, a different vulnerability than CVE-2018-10360.
Затронутые продукты
Ссылки
- CVE-2019-8905
- SUSE Bug 1126117
- SUSE Bug 1126118
Описание
do_core_note in readelf.c in libmagic.a in file 5.35 has an out-of-bounds read because memcpy is misused.
Затронутые продукты
Ссылки
- CVE-2019-8906
- SUSE Bug 1126119
Описание
do_core_note in readelf.c in libmagic.a in file 5.35 allows remote attackers to cause a denial of service (stack corruption and application crash) or possibly have unspecified other impact.
Затронутые продукты
Ссылки
- CVE-2019-8907
- SUSE Bug 1126117