SUSE-SU-2019:0571-1
Advisory lineage Upstream: 4 Downstream: 0
Published: 07 Mar 2019, 17:13
Last modified:04 Feb 2026, 03:09
Vulnerability Summary
Overall Risk (default)
minimal
0/100 CVSS Score
No data
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected
Timeline
07 Mar 2019, 17:13
Published
Vulnerability first disclosed
04 Feb 2026, 03:09
Last Modified
Vulnerability information updated
Description
Security update for file This update for file fixes the following issues: The following security vulnerabilities were addressed: - CVE-2018-10360: Fixed an out-of-bounds read in the function do_core_note in readelf.c, which allowed remote attackers to cause a denial of service (application crash) via a crafted ELF file (bsc#1096974) - CVE-2019-8905: Fixed a stack-based buffer over-read in do_core_note in readelf.c (bsc#1126118) - CVE-2019-8906: Fixed an out-of-bounds read in do_core_note in readelf. c (bsc#1126119) - CVE-2019-8907: Fixed a stack corruption in do_core_note in readelf.c (bsc#1126117)
Affected Systems
- suse•file&distro=SUSE Linux Enterprise Module for Basesystem 15
< 5.32-7.5.1
- suse•python-magic&distro=SUSE Linux Enterprise Module for Basesystem 15
< 5.32-7.5.1
- suse•python-magic&distro=SUSE Linux Enterprise Module for Development Tools 15
< 5.32-7.5.1
References (10)
- https://www.suse.com/support/update/announcement/2019/suse-su-20190571-1/
- https://bugzilla.suse.com/1096974
- https://bugzilla.suse.com/1096984
- https://bugzilla.suse.com/1126117
- https://bugzilla.suse.com/1126118
- https://bugzilla.suse.com/1126119
- https://www.suse.com/security/cve/CVE-2018-10360
- https://www.suse.com/security/cve/CVE-2019-8905
- https://www.suse.com/security/cve/CVE-2019-8906
- https://www.suse.com/security/cve/CVE-2019-8907