Security update for file SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2019:1197-1 Final 1 1 2019-04-12T07:24:26Z current 2019-04-12T07:24:26Z 2019-04-12T07:24:26Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for file This update for file fixes the following issues: The following security vulnerabilities were addressed: - Fixed an out-of-bounds read in the function do_core_note in readelf.c, which allowed remote attackers to cause a denial of service (application crash) via a crafted ELF file (bsc#1096974 CVE-2018-10360). - CVE-2019-8905: Fixed a stack-based buffer over-read in do_core_note in readelf.c (bsc#1126118) - CVE-2019-8906: Fixed an out-of-bounds read in do_core_note in readelf. c (bsc#1126119) - CVE-2019-8907: Fixed a stack corruption in do_core_note in readelf.c (bsc#1126117) This update was imported from the SUSE:SLE-12:Update update project. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-security-announce/2019-04/msg00053.html E-Mail link for openSUSE-SU-2019:1197-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Leap 42.3 file-5.22-16.1 file-devel-5.22-16.1 file-magic-5.22-16.1 libmagic1-5.22-16.1 libmagic1-32bit-5.22-16.1 python-magic-5.22-16.1 file-5.22-16.1 as a component of openSUSE Leap 42.3 file-devel-5.22-16.1 as a component of openSUSE Leap 42.3 file-magic-5.22-16.1 as a component of openSUSE Leap 42.3 libmagic1-5.22-16.1 as a component of openSUSE Leap 42.3 libmagic1-32bit-5.22-16.1 as a component of openSUSE Leap 42.3 python-magic-5.22-16.1 as a component of openSUSE Leap 42.3 The do_core_note function in readelf.c in libmagic.a in file 5.33 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted ELF file. CVE-2018-10360 openSUSE Leap 42.3:file-5.22-16.1 openSUSE Leap 42.3:file-devel-5.22-16.1 openSUSE Leap 42.3:file-magic-5.22-16.1 openSUSE Leap 42.3:libmagic1-32bit-5.22-16.1 openSUSE Leap 42.3:libmagic1-5.22-16.1 openSUSE Leap 42.3:python-magic-5.22-16.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2019-04/msg00053.html https://www.suse.com/security/cve/CVE-2018-10360.html CVE-2018-10360 https://bugzilla.suse.com/1096974 SUSE Bug 1096974 https://bugzilla.suse.com/1096984 SUSE Bug 1096984 https://bugzilla.suse.com/1126118 SUSE Bug 1126118 do_core_note in readelf.c in libmagic.a in file 5.35 has a stack-based buffer over-read, related to file_printable, a different vulnerability than CVE-2018-10360. CVE-2019-8905 openSUSE Leap 42.3:file-5.22-16.1 openSUSE Leap 42.3:file-devel-5.22-16.1 openSUSE Leap 42.3:file-magic-5.22-16.1 openSUSE Leap 42.3:libmagic1-32bit-5.22-16.1 openSUSE Leap 42.3:libmagic1-5.22-16.1 openSUSE Leap 42.3:python-magic-5.22-16.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2019-04/msg00053.html https://www.suse.com/security/cve/CVE-2019-8905.html CVE-2019-8905 https://bugzilla.suse.com/1126117 SUSE Bug 1126117 https://bugzilla.suse.com/1126118 SUSE Bug 1126118 do_core_note in readelf.c in libmagic.a in file 5.35 has an out-of-bounds read because memcpy is misused. CVE-2019-8906 openSUSE Leap 42.3:file-5.22-16.1 openSUSE Leap 42.3:file-devel-5.22-16.1 openSUSE Leap 42.3:file-magic-5.22-16.1 openSUSE Leap 42.3:libmagic1-32bit-5.22-16.1 openSUSE Leap 42.3:libmagic1-5.22-16.1 openSUSE Leap 42.3:python-magic-5.22-16.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2019-04/msg00053.html https://www.suse.com/security/cve/CVE-2019-8906.html CVE-2019-8906 https://bugzilla.suse.com/1126119 SUSE Bug 1126119 do_core_note in readelf.c in libmagic.a in file 5.35 allows remote attackers to cause a denial of service (stack corruption and application crash) or possibly have unspecified other impact. CVE-2019-8907 openSUSE Leap 42.3:file-5.22-16.1 openSUSE Leap 42.3:file-devel-5.22-16.1 openSUSE Leap 42.3:file-magic-5.22-16.1 openSUSE Leap 42.3:libmagic1-32bit-5.22-16.1 openSUSE Leap 42.3:libmagic1-5.22-16.1 openSUSE Leap 42.3:python-magic-5.22-16.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2019-04/msg00053.html https://www.suse.com/security/cve/CVE-2019-8907.html CVE-2019-8907 https://bugzilla.suse.com/1126117 SUSE Bug 1126117