OPENSUSE-SU-2019:0345-1
Advisory lineage Upstream: 4 Downstream: 0
Published: 23 Mar 2019, 11:15
Last modified:04 Feb 2026, 04:22
Vulnerability Summary
Overall Risk (default)
minimal
0/100 CVSS Score
No data
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected
Timeline
23 Mar 2019, 11:15
Published
Vulnerability first disclosed
04 Feb 2026, 04:22
Last Modified
Vulnerability information updated
Description
Security update for file This update for file fixes the following issues: The following security vulnerabilities were addressed: - CVE-2018-10360: Fixed an out-of-bounds read in the function do_core_note in readelf.c, which allowed remote attackers to cause a denial of service (application crash) via a crafted ELF file (bsc#1096974) - CVE-2019-8905: Fixed a stack-based buffer over-read in do_core_note in readelf.c (bsc#1126118) - CVE-2019-8906: Fixed an out-of-bounds read in do_core_note in readelf. c (bsc#1126119) - CVE-2019-8907: Fixed a stack corruption in do_core_note in readelf.c (bsc#1126117) This update was imported from the SUSE:SLE-15:Update update project.
Affected Systems
- opensuse•file&distro=openSUSE Leap 15.0
< 5.32-lp150.6.3.1
- opensuse•python-magic&distro=openSUSE Leap 15.0
< 5.32-lp150.6.3.1
References (10)
- https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/UQQSJOBQTS7ZNXZRM4RJ7J2R4FX7TI6L/#UQQSJOBQTS7ZNXZRM4RJ7J2R4FX7TI6L
- https://bugzilla.suse.com/1096974
- https://bugzilla.suse.com/1096984
- https://bugzilla.suse.com/1126117
- https://bugzilla.suse.com/1126118
- https://bugzilla.suse.com/1126119
- https://www.suse.com/security/cve/CVE-2018-10360
- https://www.suse.com/security/cve/CVE-2019-8905
- https://www.suse.com/security/cve/CVE-2019-8906
- https://www.suse.com/security/cve/CVE-2019-8907