SUSE-SU-2019:0839-1
Vulnerability Summary
Description
Security update for file

This update for file fixes the following issues:

The following security vulnerabilities were addressed:

- Fixed an out-of-bounds read in the function do_core_note in readelf.c, which allowed remote attackers to cause a denial of service (application crash) via a crafted ELF file (bsc#1096974 CVE-2018-10360).
- CVE-2019-8905: Fixed a stack-based buffer over-read in do_core_note in readelf.c (bsc#1126118)
- CVE-2019-8906: Fixed an out-of-bounds read in do_core_note in readelf.c (bsc#1126119)
- CVE-2019-8907: Fixed a stack corruption in do_core_note in readelf.c (bsc#1126117)
Affected Systems
- file (SUSE Linux Enterprise Desktop 12 SP3): < 5.22-10.12.2
- file (SUSE Linux Enterprise Desktop 12 SP4): < 5.22-10.12.2
- file (SUSE Linux Enterprise Server 12 SP3): < 5.22-10.12.2
- file (SUSE Linux Enterprise Server 12 SP4): < 5.22-10.12.2
- file (SUSE Linux Enterprise Server for SAP Applications 12 SP3): < 5.22-10.12.2
- file (SUSE Linux Enterprise Server for SAP Applications 12 SP4): < 5.22-10.12.2
- file (SUSE Linux Enterprise Software Development Kit 12 SP3): < 5.22-10.12.2
- file (SUSE Linux Enterprise Software Development Kit 12 SP4): < 5.22-10.12.2
- python-magic (SUSE Linux Enterprise Software Development Kit 12 SP3): < 5.22-10.12.2
- python-magic (SUSE Linux Enterprise Software Development Kit 12 SP4): < 5.22-10.12.2
References (10)
- https://www.suse.com/support/update/announcement/2019/suse-su-20190839-1/
- https://bugzilla.suse.com/1096974
- https://bugzilla.suse.com/1096984
- https://bugzilla.suse.com/1126117
- https://bugzilla.suse.com/1126118
- https://bugzilla.suse.com/1126119
- https://www.suse.com/security/cve/CVE-2018-10360
- https://www.suse.com/security/cve/CVE-2019-8905
- https://www.suse.com/security/cve/CVE-2019-8906
- https://www.suse.com/security/cve/CVE-2019-8907