openSUSE-SU-2019:0345-1
See a problem?- Import Source
- https://ftp.suse.com/pub/projects/security/osv/openSUSE-SU-2019:0345-1.json
- JSON Data
- https://api.osv.dev/v1/vulns/openSUSE-SU-2019:0345-1
- Related
- Published
- 2019-03-23T11:15:50Z
- Modified
- 2019-03-23T11:15:50Z
- Summary
- Security update for file
- Details
-
This update for file fixes the following issues:
The following security vulnerabilities were addressed:
- CVE-2018-10360: Fixed an out-of-bounds read in the function docorenote in readelf.c, which allowed remote attackers to cause a denial of service (application crash) via a crafted ELF file (bsc#1096974)
- CVE-2019-8905: Fixed a stack-based buffer over-read in docorenote in readelf.c (bsc#1126118)
- CVE-2019-8906: Fixed an out-of-bounds read in docorenote in readelf. c (bsc#1126119)
- CVE-2019-8907: Fixed a stack corruption in docorenote in readelf.c (bsc#1126117)
This update was imported from the SUSE:SLE-15:Update update project.
- References
-
- https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/UQQSJOBQTS7ZNXZRM4RJ7J2R4FX7TI6L/#UQQSJOBQTS7ZNXZRM4RJ7J2R4FX7TI6L
- https://bugzilla.suse.com/1096974
- https://bugzilla.suse.com/1096984
- https://bugzilla.suse.com/1126117
- https://bugzilla.suse.com/1126118
- https://bugzilla.suse.com/1126119
- https://www.suse.com/security/cve/CVE-2018-10360
- https://www.suse.com/security/cve/CVE-2019-8905
- https://www.suse.com/security/cve/CVE-2019-8906
- https://www.suse.com/security/cve/CVE-2019-8907
Affected packages
openSUSE:Leap 15.0 / file
Package
- Name
- file
- Purl
- purl:rpm/suse/file&distro=openSUSE%20Leap%2015.0
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed5.32-lp150.6.3.1
Ecosystem specific
{
"binaries": [
{
"libmagic1-32bit": "5.32-lp150.6.3.1",
"file-magic": "5.32-lp150.6.3.1",
"file": "5.32-lp150.6.3.1",
"file-devel": "5.32-lp150.6.3.1",
"python3-magic": "5.32-lp150.6.3.1",
"file-devel-32bit": "5.32-lp150.6.3.1",
"libmagic1": "5.32-lp150.6.3.1",
"python2-magic": "5.32-lp150.6.3.1"
}
]
}
openSUSE:Leap 15.0 / python-magic
Package
- Name
- python-magic
- Purl
- purl:rpm/suse/python-magic&distro=openSUSE%20Leap%2015.0
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed5.32-lp150.6.3.1
Ecosystem specific
{
"binaries": [
{
"libmagic1-32bit": "5.32-lp150.6.3.1",
"file-magic": "5.32-lp150.6.3.1",
"file": "5.32-lp150.6.3.1",
"file-devel": "5.32-lp150.6.3.1",
"python3-magic": "5.32-lp150.6.3.1",
"file-devel-32bit": "5.32-lp150.6.3.1",
"libmagic1": "5.32-lp150.6.3.1",
"python2-magic": "5.32-lp150.6.3.1"
}
]
}