Security update for file
This update for file fixes the following issues:
The following security vulnerabilities were addressed:
- Fixed an out-of-bounds read in the function do_core_note in readelf.c, which
allowed remote attackers to cause a denial of service (application crash) via
a crafted ELF file (bsc#1096974 CVE-2018-10360).
- CVE-2019-8905: Fixed a stack-based buffer over-read in do_core_note in readelf.c
(bsc#1126118)
- CVE-2019-8906: Fixed an out-of-bounds read in do_core_note in readelf. c
(bsc#1126119)
- CVE-2019-8907: Fixed a stack corruption in do_core_note in readelf.c
(bsc#1126117)
This update was imported from the SUSE:SLE-12:Update update project.
-
Submitted by
Dr. Werner Fink (WernerFink)
Fixed bugs
bnc#1096984
VUL-1: CVE-2018-10360: php5,php53,php7: The do_core_note function in readelf.c in libmagic.a in file 5.33 allows remoteattackers to cause a denial of service (out-of-bounds read and applicationcrash) via a crafted ELF file.
bnc#1096974
VUL-1: CVE-2018-10360: file: The do_core_note function in readelf.c in libmagic.a in file 5.33 allows remoteattackers to cause a denial of service (out-of-bounds read and applicationcrash) via a crafted ELF file.
bnc#1126119
VUL-0: CVE-2019-8906: file: out-of-bounds read do_core_note in readelf.c
bnc#1126117
VUL-0: CVE-2019-8907: file: do_core_note in readelf.c in libmagic.a allows to cause a denial of service
bnc#1126118
VUL-0: CVE-2019-8905: file: stack-based buffer over-read in do_core_note in readelf.c
