openSUSE-SU-2019:0345-1

CVE-2018-10360: Fixed an out-of-bounds read in the function docorenote in readelf.c, which allowed remote attackers to cause a denial of service (application crash) via a crafted ELF file (bsc#1096974)
CVE-2019-8905: Fixed a stack-based buffer over-read in docorenote in readelf.c (bsc#1126118)
CVE-2019-8906: Fixed an out-of-bounds read in docorenote in readelf. c (bsc#1126119)
CVE-2019-8907: Fixed a stack corruption in docorenote in readelf.c (bsc#1126117)

This update was imported from the SUSE:SLE-15:Update update project.

References

Affected packages

openSUSE:Leap 15.0 / file

Package

Name: file
Purl: pkg:rpm/opensuse/file&distro=openSUSE%20Leap%2015.0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.32-lp150.6.3.1

Ecosystem specific

{
    "binaries": [
        {
            "file-magic": "5.32-lp150.6.3.1",
            "file-devel-32bit": "5.32-lp150.6.3.1",
            "python2-magic": "5.32-lp150.6.3.1",
            "libmagic1": "5.32-lp150.6.3.1",
            "python3-magic": "5.32-lp150.6.3.1",
            "file": "5.32-lp150.6.3.1",
            "libmagic1-32bit": "5.32-lp150.6.3.1",
            "file-devel": "5.32-lp150.6.3.1"
        }
    ]
}

openSUSE:Leap 15.0 / python-magic

Package

Name: python-magic
Purl: pkg:rpm/opensuse/python-magic&distro=openSUSE%20Leap%2015.0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.32-lp150.6.3.1

Ecosystem specific

{
    "binaries": [
        {
            "file-magic": "5.32-lp150.6.3.1",
            "file-devel-32bit": "5.32-lp150.6.3.1",
            "python2-magic": "5.32-lp150.6.3.1",
            "libmagic1": "5.32-lp150.6.3.1",
            "python3-magic": "5.32-lp150.6.3.1",
            "file": "5.32-lp150.6.3.1",
            "libmagic1-32bit": "5.32-lp150.6.3.1",
            "file-devel": "5.32-lp150.6.3.1"
        }
    ]
}