Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2019-8906 (GCVE-0-2019-8906)
Vulnerability from cvelistv5
Published
2019-02-18 17:00
Modified
2024-08-04 21:31
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
do_core_note in readelf.c in libmagic.a in file 5.35 has an out-of-bounds read because memcpy is misused.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T21:31:37.463Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.astron.com/view.php?id=64"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/file/file/commit/2858eaf99f6cc5aae129bcbf1e24ad160240185f"
},
{
"name": "openSUSE-SU-2019:0345",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00027.html"
},
{
"name": "USN-3911-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3911-1/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/kb/HT209599"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/kb/HT209601"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/kb/HT209600"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/kb/HT209602"
},
{
"name": "openSUSE-SU-2019:1197",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00053.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-02-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "do_core_note in readelf.c in libmagic.a in file 5.35 has an out-of-bounds read because memcpy is misused."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-04-16T09:06:03",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.astron.com/view.php?id=64"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/file/file/commit/2858eaf99f6cc5aae129bcbf1e24ad160240185f"
},
{
"name": "openSUSE-SU-2019:0345",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00027.html"
},
{
"name": "USN-3911-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3911-1/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/kb/HT209599"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/kb/HT209601"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/kb/HT209600"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/kb/HT209602"
},
{
"name": "openSUSE-SU-2019:1197",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00053.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-8906",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "do_core_note in readelf.c in libmagic.a in file 5.35 has an out-of-bounds read because memcpy is misused."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.astron.com/view.php?id=64",
"refsource": "MISC",
"url": "https://bugs.astron.com/view.php?id=64"
},
{
"name": "https://github.com/file/file/commit/2858eaf99f6cc5aae129bcbf1e24ad160240185f",
"refsource": "MISC",
"url": "https://github.com/file/file/commit/2858eaf99f6cc5aae129bcbf1e24ad160240185f"
},
{
"name": "openSUSE-SU-2019:0345",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00027.html"
},
{
"name": "USN-3911-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3911-1/"
},
{
"name": "https://support.apple.com/kb/HT209599",
"refsource": "CONFIRM",
"url": "https://support.apple.com/kb/HT209599"
},
{
"name": "https://support.apple.com/kb/HT209601",
"refsource": "CONFIRM",
"url": "https://support.apple.com/kb/HT209601"
},
{
"name": "https://support.apple.com/kb/HT209600",
"refsource": "CONFIRM",
"url": "https://support.apple.com/kb/HT209600"
},
{
"name": "https://support.apple.com/kb/HT209602",
"refsource": "CONFIRM",
"url": "https://support.apple.com/kb/HT209602"
},
{
"name": "openSUSE-SU-2019:1197",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00053.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-8906",
"datePublished": "2019-02-18T17:00:00",
"dateReserved": "2019-02-18T00:00:00",
"dateUpdated": "2024-08-04T21:31:37.463Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2019-8906\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2019-02-18T17:29:01.033\",\"lastModified\":\"2024-11-21T04:50:38.213\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"do_core_note in readelf.c in libmagic.a in file 5.35 has an out-of-bounds read because memcpy is misused.\"},{\"lang\":\"es\",\"value\":\"do_core_note en readelf.c en libmagic.a en la versi\u00f3n 5.35 de file tiene una lectura fuera de l\u00edmites debido a una mala utilizaci\u00f3n de memcpy.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L\",\"baseScore\":4.4,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":1.8,\"impactScore\":2.5}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:P/I:N/A:P\",\"baseScore\":3.6,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"LOW\",\"exploitabilityScore\":3.9,\"impactScore\":4.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-125\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:file_project:file:5.35:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E0ABAAD8-0CD0-45B4-ABA4-A5FE24F00F20\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*\",\"matchCriteriaId\":\"F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*\",\"matchCriteriaId\":\"23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07C312A0-CD2C-4B9C-B064-6409B25C278F\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F1E78106-58E6-4D59-990F-75DA575BFAD9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5F65DAB0-3DAD-49FF-BC73-3581CC3D5BF3\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"12.2\",\"matchCriteriaId\":\"1531E802-5419-4B38-8C0C-BDCBC272648F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"10.14.4\",\"matchCriteriaId\":\"09CDBB72-2A0D-4321-BA1F-4FB326A5646A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"12.2\",\"matchCriteriaId\":\"98912716-69F2-4372-98F0-BD6CCA9AAEB9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"5.2\",\"matchCriteriaId\":\"8962A4FE-AE67-421E-9635-B03E2EBCDF19\"}]}]}],\"references\":[{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00027.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00053.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://bugs.astron.com/view.php?id=64\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/file/file/commit/2858eaf99f6cc5aae129bcbf1e24ad160240185f\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://support.apple.com/kb/HT209599\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://support.apple.com/kb/HT209600\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://support.apple.com/kb/HT209601\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://support.apple.com/kb/HT209602\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://usn.ubuntu.com/3911-1/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00027.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00053.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://bugs.astron.com/view.php?id=64\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/file/file/commit/2858eaf99f6cc5aae129bcbf1e24ad160240185f\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://support.apple.com/kb/HT209599\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://support.apple.com/kb/HT209600\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://support.apple.com/kb/HT209601\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://support.apple.com/kb/HT209602\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://usn.ubuntu.com/3911-1/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
}
}
cnvd-2019-14259
Vulnerability from cnvd
Title: file readelf.c文件越界读取漏洞
Description:
file是一款使用在类Unix系统中、用于查看文件信息的命令行工具。
file 5.35版本中的libmagic.a静态链接库的readelf.c文件的do_core_note存在越界读取漏洞,该漏洞源于程度没有正确地使用内存拷贝函数。允许远程攻击者利用漏洞提交特殊的文件请求,可获取敏感信息。
Severity: 中
Patch Name: file readelf.c文件越界读取漏洞的补丁
Patch Description:
file是一款使用在类Unix系统中、用于查看文件信息的命令行工具。
file 5.35版本中的libmagic.a静态链接库的readelf.c文件的do_core_note存在越界读取漏洞,该漏洞源于程度没有正确地使用内存拷贝函数。允许远程攻击者利用漏洞提交特殊的文件请求,可获取敏感信息。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description:
目前厂商已发布升级补丁以修复漏洞,补丁获取链接: https://github.com/file/file/commit/2858eaf99f6cc5aae129bcbf1e24ad160240185f
Reference: https://github.com/file/file/commit/2858eaf99f6cc5aae129bcbf1e24ad160240185f
Impacted products
| Name | File file 5.35 |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2019-8906",
"cveUrl": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8906"
}
},
"description": "file\u662f\u4e00\u6b3e\u4f7f\u7528\u5728\u7c7bUnix\u7cfb\u7edf\u4e2d\u3001\u7528\u4e8e\u67e5\u770b\u6587\u4ef6\u4fe1\u606f\u7684\u547d\u4ee4\u884c\u5de5\u5177\u3002\n\nfile 5.35\u7248\u672c\u4e2d\u7684libmagic.a\u9759\u6001\u94fe\u63a5\u5e93\u7684readelf.c\u6587\u4ef6\u7684do_core_note\u5b58\u5728\u8d8a\u754c\u8bfb\u53d6\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5ea6\u6ca1\u6709\u6b63\u786e\u5730\u4f7f\u7528\u5185\u5b58\u62f7\u8d1d\u51fd\u6570\u3002\u5141\u8bb8\u8fdc\u7a0b\u653b\u51fb\u8005\u5229\u7528\u6f0f\u6d1e\u63d0\u4ea4\u7279\u6b8a\u7684\u6587\u4ef6\u8bf7\u6c42\uff0c\u53ef\u83b7\u53d6\u654f\u611f\u4fe1\u606f\u3002",
"discovererName": "unknwon",
"formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://github.com/file/file/commit/2858eaf99f6cc5aae129bcbf1e24ad160240185f",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2019-14259",
"openTime": "2019-05-14",
"patchDescription": "file\u662f\u4e00\u6b3e\u4f7f\u7528\u5728\u7c7bUnix\u7cfb\u7edf\u4e2d\u3001\u7528\u4e8e\u67e5\u770b\u6587\u4ef6\u4fe1\u606f\u7684\u547d\u4ee4\u884c\u5de5\u5177\u3002\r\n\r\nfile 5.35\u7248\u672c\u4e2d\u7684libmagic.a\u9759\u6001\u94fe\u63a5\u5e93\u7684readelf.c\u6587\u4ef6\u7684do_core_note\u5b58\u5728\u8d8a\u754c\u8bfb\u53d6\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5ea6\u6ca1\u6709\u6b63\u786e\u5730\u4f7f\u7528\u5185\u5b58\u62f7\u8d1d\u51fd\u6570\u3002\u5141\u8bb8\u8fdc\u7a0b\u653b\u51fb\u8005\u5229\u7528\u6f0f\u6d1e\u63d0\u4ea4\u7279\u6b8a\u7684\u6587\u4ef6\u8bf7\u6c42\uff0c\u53ef\u83b7\u53d6\u654f\u611f\u4fe1\u606f\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "file readelf.c\u6587\u4ef6\u8d8a\u754c\u8bfb\u53d6\u6f0f\u6d1e\u7684\u8865\u4e01",
"products": {
"product": "File file 5.35"
},
"referenceLink": "https://github.com/file/file/commit/2858eaf99f6cc5aae129bcbf1e24ad160240185f",
"serverity": "\u4e2d",
"submitTime": "2019-02-20",
"title": "file readelf.c\u6587\u4ef6\u8d8a\u754c\u8bfb\u53d6\u6f0f\u6d1e"
}
suse-su-2019:0571-1
Vulnerability from csaf_suse
Published
2019-03-07 17:13
Modified
2019-03-07 17:13
Summary
Security update for file
Notes
Title of the patch
Security update for file
Description of the patch
This update for file fixes the following issues:
The following security vulnerabilities were addressed:
- CVE-2018-10360: Fixed an out-of-bounds read in the function do_core_note in
readelf.c, which allowed remote attackers to cause a denial of service
(application crash) via a crafted ELF file (bsc#1096974)
- CVE-2019-8905: Fixed a stack-based buffer over-read in do_core_note in readelf.c
(bsc#1126118)
- CVE-2019-8906: Fixed an out-of-bounds read in do_core_note in readelf. c
(bsc#1126119)
- CVE-2019-8907: Fixed a stack corruption in do_core_note in readelf.c
(bsc#1126117)
Patchnames
SUSE-2019-571,SUSE-SLE-Module-Basesystem-15-2019-571,SUSE-SLE-Module-Development-Tools-15-2019-571
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for file",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for file fixes the following issues:\n\nThe following security vulnerabilities were addressed:\n\n- CVE-2018-10360: Fixed an out-of-bounds read in the function do_core_note in\n readelf.c, which allowed remote attackers to cause a denial of service\n (application crash) via a crafted ELF file (bsc#1096974)\n- CVE-2019-8905: Fixed a stack-based buffer over-read in do_core_note in readelf.c\n (bsc#1126118)\n- CVE-2019-8906: Fixed an out-of-bounds read in do_core_note in readelf. c\n (bsc#1126119)\n- CVE-2019-8907: Fixed a stack corruption in do_core_note in readelf.c\n (bsc#1126117)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2019-571,SUSE-SLE-Module-Basesystem-15-2019-571,SUSE-SLE-Module-Development-Tools-15-2019-571",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2019_0571-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2019:0571-1",
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20190571-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2019:0571-1",
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20190571-1.html"
},
{
"category": "self",
"summary": "SUSE Bug 1096974",
"url": "https://bugzilla.suse.com/1096974"
},
{
"category": "self",
"summary": "SUSE Bug 1096984",
"url": "https://bugzilla.suse.com/1096984"
},
{
"category": "self",
"summary": "SUSE Bug 1126117",
"url": "https://bugzilla.suse.com/1126117"
},
{
"category": "self",
"summary": "SUSE Bug 1126118",
"url": "https://bugzilla.suse.com/1126118"
},
{
"category": "self",
"summary": "SUSE Bug 1126119",
"url": "https://bugzilla.suse.com/1126119"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-10360 page",
"url": "https://www.suse.com/security/cve/CVE-2018-10360/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-8905 page",
"url": "https://www.suse.com/security/cve/CVE-2019-8905/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-8906 page",
"url": "https://www.suse.com/security/cve/CVE-2019-8906/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-8907 page",
"url": "https://www.suse.com/security/cve/CVE-2019-8907/"
}
],
"title": "Security update for file",
"tracking": {
"current_release_date": "2019-03-07T17:13:53Z",
"generator": {
"date": "2019-03-07T17:13:53Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2019:0571-1",
"initial_release_date": "2019-03-07T17:13:53Z",
"revision_history": [
{
"date": "2019-03-07T17:13:53Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "file-5.32-7.5.1.aarch64",
"product": {
"name": "file-5.32-7.5.1.aarch64",
"product_id": "file-5.32-7.5.1.aarch64"
}
},
{
"category": "product_version",
"name": "file-devel-5.32-7.5.1.aarch64",
"product": {
"name": "file-devel-5.32-7.5.1.aarch64",
"product_id": "file-devel-5.32-7.5.1.aarch64"
}
},
{
"category": "product_version",
"name": "libmagic1-5.32-7.5.1.aarch64",
"product": {
"name": "libmagic1-5.32-7.5.1.aarch64",
"product_id": "libmagic1-5.32-7.5.1.aarch64"
}
},
{
"category": "product_version",
"name": "python2-magic-5.32-7.5.1.aarch64",
"product": {
"name": "python2-magic-5.32-7.5.1.aarch64",
"product_id": "python2-magic-5.32-7.5.1.aarch64"
}
},
{
"category": "product_version",
"name": "python3-magic-5.32-7.5.1.aarch64",
"product": {
"name": "python3-magic-5.32-7.5.1.aarch64",
"product_id": "python3-magic-5.32-7.5.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "file-devel-64bit-5.32-7.5.1.aarch64_ilp32",
"product": {
"name": "file-devel-64bit-5.32-7.5.1.aarch64_ilp32",
"product_id": "file-devel-64bit-5.32-7.5.1.aarch64_ilp32"
}
},
{
"category": "product_version",
"name": "libmagic1-64bit-5.32-7.5.1.aarch64_ilp32",
"product": {
"name": "libmagic1-64bit-5.32-7.5.1.aarch64_ilp32",
"product_id": "libmagic1-64bit-5.32-7.5.1.aarch64_ilp32"
}
}
],
"category": "architecture",
"name": "aarch64_ilp32"
},
{
"branches": [
{
"category": "product_version",
"name": "file-5.32-7.5.1.i586",
"product": {
"name": "file-5.32-7.5.1.i586",
"product_id": "file-5.32-7.5.1.i586"
}
},
{
"category": "product_version",
"name": "file-devel-5.32-7.5.1.i586",
"product": {
"name": "file-devel-5.32-7.5.1.i586",
"product_id": "file-devel-5.32-7.5.1.i586"
}
},
{
"category": "product_version",
"name": "libmagic1-5.32-7.5.1.i586",
"product": {
"name": "libmagic1-5.32-7.5.1.i586",
"product_id": "libmagic1-5.32-7.5.1.i586"
}
},
{
"category": "product_version",
"name": "python2-magic-5.32-7.5.1.i586",
"product": {
"name": "python2-magic-5.32-7.5.1.i586",
"product_id": "python2-magic-5.32-7.5.1.i586"
}
},
{
"category": "product_version",
"name": "python3-magic-5.32-7.5.1.i586",
"product": {
"name": "python3-magic-5.32-7.5.1.i586",
"product_id": "python3-magic-5.32-7.5.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "file-magic-5.32-7.5.1.noarch",
"product": {
"name": "file-magic-5.32-7.5.1.noarch",
"product_id": "file-magic-5.32-7.5.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "file-5.32-7.5.1.ppc64le",
"product": {
"name": "file-5.32-7.5.1.ppc64le",
"product_id": "file-5.32-7.5.1.ppc64le"
}
},
{
"category": "product_version",
"name": "file-devel-5.32-7.5.1.ppc64le",
"product": {
"name": "file-devel-5.32-7.5.1.ppc64le",
"product_id": "file-devel-5.32-7.5.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libmagic1-5.32-7.5.1.ppc64le",
"product": {
"name": "libmagic1-5.32-7.5.1.ppc64le",
"product_id": "libmagic1-5.32-7.5.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python2-magic-5.32-7.5.1.ppc64le",
"product": {
"name": "python2-magic-5.32-7.5.1.ppc64le",
"product_id": "python2-magic-5.32-7.5.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python3-magic-5.32-7.5.1.ppc64le",
"product": {
"name": "python3-magic-5.32-7.5.1.ppc64le",
"product_id": "python3-magic-5.32-7.5.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "file-5.32-7.5.1.s390x",
"product": {
"name": "file-5.32-7.5.1.s390x",
"product_id": "file-5.32-7.5.1.s390x"
}
},
{
"category": "product_version",
"name": "file-devel-5.32-7.5.1.s390x",
"product": {
"name": "file-devel-5.32-7.5.1.s390x",
"product_id": "file-devel-5.32-7.5.1.s390x"
}
},
{
"category": "product_version",
"name": "libmagic1-5.32-7.5.1.s390x",
"product": {
"name": "libmagic1-5.32-7.5.1.s390x",
"product_id": "libmagic1-5.32-7.5.1.s390x"
}
},
{
"category": "product_version",
"name": "python2-magic-5.32-7.5.1.s390x",
"product": {
"name": "python2-magic-5.32-7.5.1.s390x",
"product_id": "python2-magic-5.32-7.5.1.s390x"
}
},
{
"category": "product_version",
"name": "python3-magic-5.32-7.5.1.s390x",
"product": {
"name": "python3-magic-5.32-7.5.1.s390x",
"product_id": "python3-magic-5.32-7.5.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "file-5.32-7.5.1.x86_64",
"product": {
"name": "file-5.32-7.5.1.x86_64",
"product_id": "file-5.32-7.5.1.x86_64"
}
},
{
"category": "product_version",
"name": "file-devel-5.32-7.5.1.x86_64",
"product": {
"name": "file-devel-5.32-7.5.1.x86_64",
"product_id": "file-devel-5.32-7.5.1.x86_64"
}
},
{
"category": "product_version",
"name": "file-devel-32bit-5.32-7.5.1.x86_64",
"product": {
"name": "file-devel-32bit-5.32-7.5.1.x86_64",
"product_id": "file-devel-32bit-5.32-7.5.1.x86_64"
}
},
{
"category": "product_version",
"name": "libmagic1-5.32-7.5.1.x86_64",
"product": {
"name": "libmagic1-5.32-7.5.1.x86_64",
"product_id": "libmagic1-5.32-7.5.1.x86_64"
}
},
{
"category": "product_version",
"name": "libmagic1-32bit-5.32-7.5.1.x86_64",
"product": {
"name": "libmagic1-32bit-5.32-7.5.1.x86_64",
"product_id": "libmagic1-32bit-5.32-7.5.1.x86_64"
}
},
{
"category": "product_version",
"name": "python2-magic-5.32-7.5.1.x86_64",
"product": {
"name": "python2-magic-5.32-7.5.1.x86_64",
"product_id": "python2-magic-5.32-7.5.1.x86_64"
}
},
{
"category": "product_version",
"name": "python3-magic-5.32-7.5.1.x86_64",
"product": {
"name": "python3-magic-5.32-7.5.1.x86_64",
"product_id": "python3-magic-5.32-7.5.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Basesystem 15",
"product": {
"name": "SUSE Linux Enterprise Module for Basesystem 15",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-basesystem:15"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Development Tools 15",
"product": {
"name": "SUSE Linux Enterprise Module for Development Tools 15",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-development-tools:15"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "file-5.32-7.5.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15:file-5.32-7.5.1.aarch64"
},
"product_reference": "file-5.32-7.5.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "file-5.32-7.5.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15:file-5.32-7.5.1.ppc64le"
},
"product_reference": "file-5.32-7.5.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "file-5.32-7.5.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15:file-5.32-7.5.1.s390x"
},
"product_reference": "file-5.32-7.5.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "file-5.32-7.5.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15:file-5.32-7.5.1.x86_64"
},
"product_reference": "file-5.32-7.5.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "file-devel-5.32-7.5.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15:file-devel-5.32-7.5.1.aarch64"
},
"product_reference": "file-devel-5.32-7.5.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "file-devel-5.32-7.5.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15:file-devel-5.32-7.5.1.ppc64le"
},
"product_reference": "file-devel-5.32-7.5.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "file-devel-5.32-7.5.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15:file-devel-5.32-7.5.1.s390x"
},
"product_reference": "file-devel-5.32-7.5.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "file-devel-5.32-7.5.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15:file-devel-5.32-7.5.1.x86_64"
},
"product_reference": "file-devel-5.32-7.5.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "file-magic-5.32-7.5.1.noarch as component of SUSE Linux Enterprise Module for Basesystem 15",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15:file-magic-5.32-7.5.1.noarch"
},
"product_reference": "file-magic-5.32-7.5.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmagic1-5.32-7.5.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15:libmagic1-5.32-7.5.1.aarch64"
},
"product_reference": "libmagic1-5.32-7.5.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmagic1-5.32-7.5.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15:libmagic1-5.32-7.5.1.ppc64le"
},
"product_reference": "libmagic1-5.32-7.5.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmagic1-5.32-7.5.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15:libmagic1-5.32-7.5.1.s390x"
},
"product_reference": "libmagic1-5.32-7.5.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmagic1-5.32-7.5.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15:libmagic1-5.32-7.5.1.x86_64"
},
"product_reference": "libmagic1-5.32-7.5.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmagic1-32bit-5.32-7.5.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15:libmagic1-32bit-5.32-7.5.1.x86_64"
},
"product_reference": "libmagic1-32bit-5.32-7.5.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python2-magic-5.32-7.5.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15:python2-magic-5.32-7.5.1.aarch64"
},
"product_reference": "python2-magic-5.32-7.5.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python2-magic-5.32-7.5.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15:python2-magic-5.32-7.5.1.ppc64le"
},
"product_reference": "python2-magic-5.32-7.5.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python2-magic-5.32-7.5.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15:python2-magic-5.32-7.5.1.s390x"
},
"product_reference": "python2-magic-5.32-7.5.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python2-magic-5.32-7.5.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15:python2-magic-5.32-7.5.1.x86_64"
},
"product_reference": "python2-magic-5.32-7.5.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-magic-5.32-7.5.1.aarch64 as component of SUSE Linux Enterprise Module for Development Tools 15",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15:python3-magic-5.32-7.5.1.aarch64"
},
"product_reference": "python3-magic-5.32-7.5.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-magic-5.32-7.5.1.ppc64le as component of SUSE Linux Enterprise Module for Development Tools 15",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15:python3-magic-5.32-7.5.1.ppc64le"
},
"product_reference": "python3-magic-5.32-7.5.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-magic-5.32-7.5.1.s390x as component of SUSE Linux Enterprise Module for Development Tools 15",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15:python3-magic-5.32-7.5.1.s390x"
},
"product_reference": "python3-magic-5.32-7.5.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-magic-5.32-7.5.1.x86_64 as component of SUSE Linux Enterprise Module for Development Tools 15",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15:python3-magic-5.32-7.5.1.x86_64"
},
"product_reference": "python3-magic-5.32-7.5.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-10360",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-10360"
}
],
"notes": [
{
"category": "general",
"text": "The do_core_note function in readelf.c in libmagic.a in file 5.33 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted ELF file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Basesystem 15:file-5.32-7.5.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:file-5.32-7.5.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:file-5.32-7.5.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:file-5.32-7.5.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:file-devel-5.32-7.5.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:file-devel-5.32-7.5.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:file-devel-5.32-7.5.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:file-devel-5.32-7.5.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:file-magic-5.32-7.5.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15:libmagic1-32bit-5.32-7.5.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:libmagic1-5.32-7.5.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:libmagic1-5.32-7.5.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:libmagic1-5.32-7.5.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:libmagic1-5.32-7.5.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:python2-magic-5.32-7.5.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:python2-magic-5.32-7.5.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:python2-magic-5.32-7.5.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:python2-magic-5.32-7.5.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15:python3-magic-5.32-7.5.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15:python3-magic-5.32-7.5.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15:python3-magic-5.32-7.5.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15:python3-magic-5.32-7.5.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-10360",
"url": "https://www.suse.com/security/cve/CVE-2018-10360"
},
{
"category": "external",
"summary": "SUSE Bug 1096974 for CVE-2018-10360",
"url": "https://bugzilla.suse.com/1096974"
},
{
"category": "external",
"summary": "SUSE Bug 1096984 for CVE-2018-10360",
"url": "https://bugzilla.suse.com/1096984"
},
{
"category": "external",
"summary": "SUSE Bug 1126118 for CVE-2018-10360",
"url": "https://bugzilla.suse.com/1126118"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Basesystem 15:file-5.32-7.5.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:file-5.32-7.5.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:file-5.32-7.5.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:file-5.32-7.5.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:file-devel-5.32-7.5.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:file-devel-5.32-7.5.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:file-devel-5.32-7.5.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:file-devel-5.32-7.5.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:file-magic-5.32-7.5.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15:libmagic1-32bit-5.32-7.5.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:libmagic1-5.32-7.5.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:libmagic1-5.32-7.5.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:libmagic1-5.32-7.5.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:libmagic1-5.32-7.5.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:python2-magic-5.32-7.5.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:python2-magic-5.32-7.5.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:python2-magic-5.32-7.5.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:python2-magic-5.32-7.5.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15:python3-magic-5.32-7.5.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15:python3-magic-5.32-7.5.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15:python3-magic-5.32-7.5.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15:python3-magic-5.32-7.5.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Basesystem 15:file-5.32-7.5.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:file-5.32-7.5.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:file-5.32-7.5.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:file-5.32-7.5.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:file-devel-5.32-7.5.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:file-devel-5.32-7.5.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:file-devel-5.32-7.5.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:file-devel-5.32-7.5.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:file-magic-5.32-7.5.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15:libmagic1-32bit-5.32-7.5.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:libmagic1-5.32-7.5.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:libmagic1-5.32-7.5.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:libmagic1-5.32-7.5.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:libmagic1-5.32-7.5.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:python2-magic-5.32-7.5.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:python2-magic-5.32-7.5.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:python2-magic-5.32-7.5.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:python2-magic-5.32-7.5.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15:python3-magic-5.32-7.5.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15:python3-magic-5.32-7.5.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15:python3-magic-5.32-7.5.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15:python3-magic-5.32-7.5.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-03-07T17:13:53Z",
"details": "low"
}
],
"title": "CVE-2018-10360"
},
{
"cve": "CVE-2019-8905",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-8905"
}
],
"notes": [
{
"category": "general",
"text": "do_core_note in readelf.c in libmagic.a in file 5.35 has a stack-based buffer over-read, related to file_printable, a different vulnerability than CVE-2018-10360.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Basesystem 15:file-5.32-7.5.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:file-5.32-7.5.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:file-5.32-7.5.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:file-5.32-7.5.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:file-devel-5.32-7.5.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:file-devel-5.32-7.5.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:file-devel-5.32-7.5.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:file-devel-5.32-7.5.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:file-magic-5.32-7.5.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15:libmagic1-32bit-5.32-7.5.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:libmagic1-5.32-7.5.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:libmagic1-5.32-7.5.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:libmagic1-5.32-7.5.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:libmagic1-5.32-7.5.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:python2-magic-5.32-7.5.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:python2-magic-5.32-7.5.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:python2-magic-5.32-7.5.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:python2-magic-5.32-7.5.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15:python3-magic-5.32-7.5.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15:python3-magic-5.32-7.5.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15:python3-magic-5.32-7.5.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15:python3-magic-5.32-7.5.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-8905",
"url": "https://www.suse.com/security/cve/CVE-2019-8905"
},
{
"category": "external",
"summary": "SUSE Bug 1126117 for CVE-2019-8905",
"url": "https://bugzilla.suse.com/1126117"
},
{
"category": "external",
"summary": "SUSE Bug 1126118 for CVE-2019-8905",
"url": "https://bugzilla.suse.com/1126118"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Basesystem 15:file-5.32-7.5.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:file-5.32-7.5.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:file-5.32-7.5.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:file-5.32-7.5.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:file-devel-5.32-7.5.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:file-devel-5.32-7.5.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:file-devel-5.32-7.5.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:file-devel-5.32-7.5.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:file-magic-5.32-7.5.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15:libmagic1-32bit-5.32-7.5.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:libmagic1-5.32-7.5.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:libmagic1-5.32-7.5.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:libmagic1-5.32-7.5.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:libmagic1-5.32-7.5.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:python2-magic-5.32-7.5.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:python2-magic-5.32-7.5.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:python2-magic-5.32-7.5.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:python2-magic-5.32-7.5.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15:python3-magic-5.32-7.5.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15:python3-magic-5.32-7.5.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15:python3-magic-5.32-7.5.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15:python3-magic-5.32-7.5.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Basesystem 15:file-5.32-7.5.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:file-5.32-7.5.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:file-5.32-7.5.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:file-5.32-7.5.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:file-devel-5.32-7.5.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:file-devel-5.32-7.5.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:file-devel-5.32-7.5.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:file-devel-5.32-7.5.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:file-magic-5.32-7.5.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15:libmagic1-32bit-5.32-7.5.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:libmagic1-5.32-7.5.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:libmagic1-5.32-7.5.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:libmagic1-5.32-7.5.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:libmagic1-5.32-7.5.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:python2-magic-5.32-7.5.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:python2-magic-5.32-7.5.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:python2-magic-5.32-7.5.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:python2-magic-5.32-7.5.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15:python3-magic-5.32-7.5.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15:python3-magic-5.32-7.5.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15:python3-magic-5.32-7.5.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15:python3-magic-5.32-7.5.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-03-07T17:13:53Z",
"details": "moderate"
}
],
"title": "CVE-2019-8905"
},
{
"cve": "CVE-2019-8906",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-8906"
}
],
"notes": [
{
"category": "general",
"text": "do_core_note in readelf.c in libmagic.a in file 5.35 has an out-of-bounds read because memcpy is misused.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Basesystem 15:file-5.32-7.5.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:file-5.32-7.5.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:file-5.32-7.5.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:file-5.32-7.5.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:file-devel-5.32-7.5.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:file-devel-5.32-7.5.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:file-devel-5.32-7.5.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:file-devel-5.32-7.5.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:file-magic-5.32-7.5.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15:libmagic1-32bit-5.32-7.5.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:libmagic1-5.32-7.5.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:libmagic1-5.32-7.5.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:libmagic1-5.32-7.5.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:libmagic1-5.32-7.5.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:python2-magic-5.32-7.5.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:python2-magic-5.32-7.5.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:python2-magic-5.32-7.5.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:python2-magic-5.32-7.5.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15:python3-magic-5.32-7.5.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15:python3-magic-5.32-7.5.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15:python3-magic-5.32-7.5.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15:python3-magic-5.32-7.5.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-8906",
"url": "https://www.suse.com/security/cve/CVE-2019-8906"
},
{
"category": "external",
"summary": "SUSE Bug 1126119 for CVE-2019-8906",
"url": "https://bugzilla.suse.com/1126119"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Basesystem 15:file-5.32-7.5.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:file-5.32-7.5.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:file-5.32-7.5.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:file-5.32-7.5.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:file-devel-5.32-7.5.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:file-devel-5.32-7.5.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:file-devel-5.32-7.5.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:file-devel-5.32-7.5.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:file-magic-5.32-7.5.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15:libmagic1-32bit-5.32-7.5.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:libmagic1-5.32-7.5.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:libmagic1-5.32-7.5.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:libmagic1-5.32-7.5.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:libmagic1-5.32-7.5.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:python2-magic-5.32-7.5.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:python2-magic-5.32-7.5.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:python2-magic-5.32-7.5.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:python2-magic-5.32-7.5.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15:python3-magic-5.32-7.5.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15:python3-magic-5.32-7.5.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15:python3-magic-5.32-7.5.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15:python3-magic-5.32-7.5.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Basesystem 15:file-5.32-7.5.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:file-5.32-7.5.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:file-5.32-7.5.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:file-5.32-7.5.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:file-devel-5.32-7.5.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:file-devel-5.32-7.5.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:file-devel-5.32-7.5.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:file-devel-5.32-7.5.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:file-magic-5.32-7.5.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15:libmagic1-32bit-5.32-7.5.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:libmagic1-5.32-7.5.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:libmagic1-5.32-7.5.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:libmagic1-5.32-7.5.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:libmagic1-5.32-7.5.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:python2-magic-5.32-7.5.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:python2-magic-5.32-7.5.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:python2-magic-5.32-7.5.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:python2-magic-5.32-7.5.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15:python3-magic-5.32-7.5.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15:python3-magic-5.32-7.5.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15:python3-magic-5.32-7.5.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15:python3-magic-5.32-7.5.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-03-07T17:13:53Z",
"details": "moderate"
}
],
"title": "CVE-2019-8906"
},
{
"cve": "CVE-2019-8907",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-8907"
}
],
"notes": [
{
"category": "general",
"text": "do_core_note in readelf.c in libmagic.a in file 5.35 allows remote attackers to cause a denial of service (stack corruption and application crash) or possibly have unspecified other impact.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Basesystem 15:file-5.32-7.5.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:file-5.32-7.5.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:file-5.32-7.5.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:file-5.32-7.5.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:file-devel-5.32-7.5.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:file-devel-5.32-7.5.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:file-devel-5.32-7.5.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:file-devel-5.32-7.5.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:file-magic-5.32-7.5.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15:libmagic1-32bit-5.32-7.5.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:libmagic1-5.32-7.5.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:libmagic1-5.32-7.5.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:libmagic1-5.32-7.5.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:libmagic1-5.32-7.5.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:python2-magic-5.32-7.5.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:python2-magic-5.32-7.5.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:python2-magic-5.32-7.5.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:python2-magic-5.32-7.5.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15:python3-magic-5.32-7.5.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15:python3-magic-5.32-7.5.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15:python3-magic-5.32-7.5.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15:python3-magic-5.32-7.5.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-8907",
"url": "https://www.suse.com/security/cve/CVE-2019-8907"
},
{
"category": "external",
"summary": "SUSE Bug 1126117 for CVE-2019-8907",
"url": "https://bugzilla.suse.com/1126117"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Basesystem 15:file-5.32-7.5.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:file-5.32-7.5.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:file-5.32-7.5.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:file-5.32-7.5.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:file-devel-5.32-7.5.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:file-devel-5.32-7.5.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:file-devel-5.32-7.5.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:file-devel-5.32-7.5.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:file-magic-5.32-7.5.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15:libmagic1-32bit-5.32-7.5.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:libmagic1-5.32-7.5.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:libmagic1-5.32-7.5.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:libmagic1-5.32-7.5.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:libmagic1-5.32-7.5.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:python2-magic-5.32-7.5.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:python2-magic-5.32-7.5.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:python2-magic-5.32-7.5.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:python2-magic-5.32-7.5.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15:python3-magic-5.32-7.5.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15:python3-magic-5.32-7.5.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15:python3-magic-5.32-7.5.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15:python3-magic-5.32-7.5.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Basesystem 15:file-5.32-7.5.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:file-5.32-7.5.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:file-5.32-7.5.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:file-5.32-7.5.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:file-devel-5.32-7.5.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:file-devel-5.32-7.5.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:file-devel-5.32-7.5.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:file-devel-5.32-7.5.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:file-magic-5.32-7.5.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15:libmagic1-32bit-5.32-7.5.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:libmagic1-5.32-7.5.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:libmagic1-5.32-7.5.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:libmagic1-5.32-7.5.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:libmagic1-5.32-7.5.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:python2-magic-5.32-7.5.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:python2-magic-5.32-7.5.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:python2-magic-5.32-7.5.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:python2-magic-5.32-7.5.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15:python3-magic-5.32-7.5.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15:python3-magic-5.32-7.5.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15:python3-magic-5.32-7.5.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15:python3-magic-5.32-7.5.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-03-07T17:13:53Z",
"details": "moderate"
}
],
"title": "CVE-2019-8907"
}
]
}
suse-su-2019:0839-1
Vulnerability from csaf_suse
Published
2019-04-02 11:13
Modified
2019-04-02 11:13
Summary
Security update for file
Notes
Title of the patch
Security update for file
Description of the patch
This update for file fixes the following issues:
The following security vulnerabilities were addressed:
- Fixed an out-of-bounds read in the function do_core_note in readelf.c, which
allowed remote attackers to cause a denial of service (application crash) via
a crafted ELF file (bsc#1096974 CVE-2018-10360).
- CVE-2019-8905: Fixed a stack-based buffer over-read in do_core_note in readelf.c
(bsc#1126118)
- CVE-2019-8906: Fixed an out-of-bounds read in do_core_note in readelf. c
(bsc#1126119)
- CVE-2019-8907: Fixed a stack corruption in do_core_note in readelf.c
(bsc#1126117)
Patchnames
SUSE-2019-839,SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2019-839,SUSE-SLE-DESKTOP-12-SP3-2019-839,SUSE-SLE-DESKTOP-12-SP4-2019-839,SUSE-SLE-SDK-12-SP3-2019-839,SUSE-SLE-SDK-12-SP4-2019-839,SUSE-SLE-SERVER-12-SP3-2019-839,SUSE-SLE-SERVER-12-SP4-2019-839
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for file",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for file fixes the following issues:\n\nThe following security vulnerabilities were addressed:\n\n- Fixed an out-of-bounds read in the function do_core_note in readelf.c, which\n allowed remote attackers to cause a denial of service (application crash) via\n a crafted ELF file (bsc#1096974 CVE-2018-10360).\n- CVE-2019-8905: Fixed a stack-based buffer over-read in do_core_note in readelf.c\n (bsc#1126118)\n- CVE-2019-8906: Fixed an out-of-bounds read in do_core_note in readelf. c\n (bsc#1126119)\n- CVE-2019-8907: Fixed a stack corruption in do_core_note in readelf.c\n (bsc#1126117)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2019-839,SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2019-839,SUSE-SLE-DESKTOP-12-SP3-2019-839,SUSE-SLE-DESKTOP-12-SP4-2019-839,SUSE-SLE-SDK-12-SP3-2019-839,SUSE-SLE-SDK-12-SP4-2019-839,SUSE-SLE-SERVER-12-SP3-2019-839,SUSE-SLE-SERVER-12-SP4-2019-839",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2019_0839-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2019:0839-1",
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20190839-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2019:0839-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2019-April/005284.html"
},
{
"category": "self",
"summary": "SUSE Bug 1096974",
"url": "https://bugzilla.suse.com/1096974"
},
{
"category": "self",
"summary": "SUSE Bug 1096984",
"url": "https://bugzilla.suse.com/1096984"
},
{
"category": "self",
"summary": "SUSE Bug 1126117",
"url": "https://bugzilla.suse.com/1126117"
},
{
"category": "self",
"summary": "SUSE Bug 1126118",
"url": "https://bugzilla.suse.com/1126118"
},
{
"category": "self",
"summary": "SUSE Bug 1126119",
"url": "https://bugzilla.suse.com/1126119"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-10360 page",
"url": "https://www.suse.com/security/cve/CVE-2018-10360/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-8905 page",
"url": "https://www.suse.com/security/cve/CVE-2019-8905/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-8906 page",
"url": "https://www.suse.com/security/cve/CVE-2019-8906/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-8907 page",
"url": "https://www.suse.com/security/cve/CVE-2019-8907/"
}
],
"title": "Security update for file",
"tracking": {
"current_release_date": "2019-04-02T11:13:39Z",
"generator": {
"date": "2019-04-02T11:13:39Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2019:0839-1",
"initial_release_date": "2019-04-02T11:13:39Z",
"revision_history": [
{
"date": "2019-04-02T11:13:39Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "file-5.22-10.12.2.aarch64",
"product": {
"name": "file-5.22-10.12.2.aarch64",
"product_id": "file-5.22-10.12.2.aarch64"
}
},
{
"category": "product_version",
"name": "file-devel-5.22-10.12.2.aarch64",
"product": {
"name": "file-devel-5.22-10.12.2.aarch64",
"product_id": "file-devel-5.22-10.12.2.aarch64"
}
},
{
"category": "product_version",
"name": "file-magic-5.22-10.12.2.aarch64",
"product": {
"name": "file-magic-5.22-10.12.2.aarch64",
"product_id": "file-magic-5.22-10.12.2.aarch64"
}
},
{
"category": "product_version",
"name": "libmagic1-5.22-10.12.2.aarch64",
"product": {
"name": "libmagic1-5.22-10.12.2.aarch64",
"product_id": "libmagic1-5.22-10.12.2.aarch64"
}
},
{
"category": "product_version",
"name": "python-magic-5.22-10.12.2.aarch64",
"product": {
"name": "python-magic-5.22-10.12.2.aarch64",
"product_id": "python-magic-5.22-10.12.2.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libmagic1-64bit-5.22-10.12.2.aarch64_ilp32",
"product": {
"name": "libmagic1-64bit-5.22-10.12.2.aarch64_ilp32",
"product_id": "libmagic1-64bit-5.22-10.12.2.aarch64_ilp32"
}
}
],
"category": "architecture",
"name": "aarch64_ilp32"
},
{
"branches": [
{
"category": "product_version",
"name": "file-5.22-10.12.2.i586",
"product": {
"name": "file-5.22-10.12.2.i586",
"product_id": "file-5.22-10.12.2.i586"
}
},
{
"category": "product_version",
"name": "file-devel-5.22-10.12.2.i586",
"product": {
"name": "file-devel-5.22-10.12.2.i586",
"product_id": "file-devel-5.22-10.12.2.i586"
}
},
{
"category": "product_version",
"name": "file-magic-5.22-10.12.2.i586",
"product": {
"name": "file-magic-5.22-10.12.2.i586",
"product_id": "file-magic-5.22-10.12.2.i586"
}
},
{
"category": "product_version",
"name": "libmagic1-5.22-10.12.2.i586",
"product": {
"name": "libmagic1-5.22-10.12.2.i586",
"product_id": "libmagic1-5.22-10.12.2.i586"
}
},
{
"category": "product_version",
"name": "python-magic-5.22-10.12.2.i586",
"product": {
"name": "python-magic-5.22-10.12.2.i586",
"product_id": "python-magic-5.22-10.12.2.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "file-5.22-10.12.2.ppc64le",
"product": {
"name": "file-5.22-10.12.2.ppc64le",
"product_id": "file-5.22-10.12.2.ppc64le"
}
},
{
"category": "product_version",
"name": "file-devel-5.22-10.12.2.ppc64le",
"product": {
"name": "file-devel-5.22-10.12.2.ppc64le",
"product_id": "file-devel-5.22-10.12.2.ppc64le"
}
},
{
"category": "product_version",
"name": "file-magic-5.22-10.12.2.ppc64le",
"product": {
"name": "file-magic-5.22-10.12.2.ppc64le",
"product_id": "file-magic-5.22-10.12.2.ppc64le"
}
},
{
"category": "product_version",
"name": "libmagic1-5.22-10.12.2.ppc64le",
"product": {
"name": "libmagic1-5.22-10.12.2.ppc64le",
"product_id": "libmagic1-5.22-10.12.2.ppc64le"
}
},
{
"category": "product_version",
"name": "python-magic-5.22-10.12.2.ppc64le",
"product": {
"name": "python-magic-5.22-10.12.2.ppc64le",
"product_id": "python-magic-5.22-10.12.2.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "file-5.22-10.12.2.s390",
"product": {
"name": "file-5.22-10.12.2.s390",
"product_id": "file-5.22-10.12.2.s390"
}
},
{
"category": "product_version",
"name": "file-devel-5.22-10.12.2.s390",
"product": {
"name": "file-devel-5.22-10.12.2.s390",
"product_id": "file-devel-5.22-10.12.2.s390"
}
},
{
"category": "product_version",
"name": "file-magic-5.22-10.12.2.s390",
"product": {
"name": "file-magic-5.22-10.12.2.s390",
"product_id": "file-magic-5.22-10.12.2.s390"
}
},
{
"category": "product_version",
"name": "libmagic1-5.22-10.12.2.s390",
"product": {
"name": "libmagic1-5.22-10.12.2.s390",
"product_id": "libmagic1-5.22-10.12.2.s390"
}
},
{
"category": "product_version",
"name": "python-magic-5.22-10.12.2.s390",
"product": {
"name": "python-magic-5.22-10.12.2.s390",
"product_id": "python-magic-5.22-10.12.2.s390"
}
}
],
"category": "architecture",
"name": "s390"
},
{
"branches": [
{
"category": "product_version",
"name": "file-5.22-10.12.2.s390x",
"product": {
"name": "file-5.22-10.12.2.s390x",
"product_id": "file-5.22-10.12.2.s390x"
}
},
{
"category": "product_version",
"name": "file-devel-5.22-10.12.2.s390x",
"product": {
"name": "file-devel-5.22-10.12.2.s390x",
"product_id": "file-devel-5.22-10.12.2.s390x"
}
},
{
"category": "product_version",
"name": "file-magic-5.22-10.12.2.s390x",
"product": {
"name": "file-magic-5.22-10.12.2.s390x",
"product_id": "file-magic-5.22-10.12.2.s390x"
}
},
{
"category": "product_version",
"name": "libmagic1-5.22-10.12.2.s390x",
"product": {
"name": "libmagic1-5.22-10.12.2.s390x",
"product_id": "libmagic1-5.22-10.12.2.s390x"
}
},
{
"category": "product_version",
"name": "libmagic1-32bit-5.22-10.12.2.s390x",
"product": {
"name": "libmagic1-32bit-5.22-10.12.2.s390x",
"product_id": "libmagic1-32bit-5.22-10.12.2.s390x"
}
},
{
"category": "product_version",
"name": "python-magic-5.22-10.12.2.s390x",
"product": {
"name": "python-magic-5.22-10.12.2.s390x",
"product_id": "python-magic-5.22-10.12.2.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "file-5.22-10.12.2.x86_64",
"product": {
"name": "file-5.22-10.12.2.x86_64",
"product_id": "file-5.22-10.12.2.x86_64"
}
},
{
"category": "product_version",
"name": "file-devel-5.22-10.12.2.x86_64",
"product": {
"name": "file-devel-5.22-10.12.2.x86_64",
"product_id": "file-devel-5.22-10.12.2.x86_64"
}
},
{
"category": "product_version",
"name": "file-magic-5.22-10.12.2.x86_64",
"product": {
"name": "file-magic-5.22-10.12.2.x86_64",
"product_id": "file-magic-5.22-10.12.2.x86_64"
}
},
{
"category": "product_version",
"name": "libmagic1-5.22-10.12.2.x86_64",
"product": {
"name": "libmagic1-5.22-10.12.2.x86_64",
"product_id": "libmagic1-5.22-10.12.2.x86_64"
}
},
{
"category": "product_version",
"name": "libmagic1-32bit-5.22-10.12.2.x86_64",
"product": {
"name": "libmagic1-32bit-5.22-10.12.2.x86_64",
"product_id": "libmagic1-32bit-5.22-10.12.2.x86_64"
}
},
{
"category": "product_version",
"name": "python-magic-5.22-10.12.2.x86_64",
"product": {
"name": "python-magic-5.22-10.12.2.x86_64",
"product_id": "python-magic-5.22-10.12.2.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Desktop 12 SP3",
"product": {
"name": "SUSE Linux Enterprise Desktop 12 SP3",
"product_id": "SUSE Linux Enterprise Desktop 12 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sled:12:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Desktop 12 SP4",
"product": {
"name": "SUSE Linux Enterprise Desktop 12 SP4",
"product_id": "SUSE Linux Enterprise Desktop 12 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sled:12:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Software Development Kit 12 SP3",
"product": {
"name": "SUSE Linux Enterprise Software Development Kit 12 SP3",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-sdk:12:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Software Development Kit 12 SP4",
"product": {
"name": "SUSE Linux Enterprise Software Development Kit 12 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-sdk:12:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP3",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:12:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP4",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:12:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp4"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "file-5.22-10.12.2.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP3",
"product_id": "SUSE Linux Enterprise Desktop 12 SP3:file-5.22-10.12.2.x86_64"
},
"product_reference": "file-5.22-10.12.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "file-magic-5.22-10.12.2.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP3",
"product_id": "SUSE Linux Enterprise Desktop 12 SP3:file-magic-5.22-10.12.2.x86_64"
},
"product_reference": "file-magic-5.22-10.12.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmagic1-5.22-10.12.2.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP3",
"product_id": "SUSE Linux Enterprise Desktop 12 SP3:libmagic1-5.22-10.12.2.x86_64"
},
"product_reference": "libmagic1-5.22-10.12.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmagic1-32bit-5.22-10.12.2.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP3",
"product_id": "SUSE Linux Enterprise Desktop 12 SP3:libmagic1-32bit-5.22-10.12.2.x86_64"
},
"product_reference": "libmagic1-32bit-5.22-10.12.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "file-5.22-10.12.2.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP4",
"product_id": "SUSE Linux Enterprise Desktop 12 SP4:file-5.22-10.12.2.x86_64"
},
"product_reference": "file-5.22-10.12.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "file-magic-5.22-10.12.2.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP4",
"product_id": "SUSE Linux Enterprise Desktop 12 SP4:file-magic-5.22-10.12.2.x86_64"
},
"product_reference": "file-magic-5.22-10.12.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmagic1-5.22-10.12.2.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP4",
"product_id": "SUSE Linux Enterprise Desktop 12 SP4:libmagic1-5.22-10.12.2.x86_64"
},
"product_reference": "libmagic1-5.22-10.12.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmagic1-32bit-5.22-10.12.2.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP4",
"product_id": "SUSE Linux Enterprise Desktop 12 SP4:libmagic1-32bit-5.22-10.12.2.x86_64"
},
"product_reference": "libmagic1-32bit-5.22-10.12.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "file-devel-5.22-10.12.2.aarch64 as component of SUSE Linux Enterprise Software Development Kit 12 SP3",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP3:file-devel-5.22-10.12.2.aarch64"
},
"product_reference": "file-devel-5.22-10.12.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "file-devel-5.22-10.12.2.ppc64le as component of SUSE Linux Enterprise Software Development Kit 12 SP3",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP3:file-devel-5.22-10.12.2.ppc64le"
},
"product_reference": "file-devel-5.22-10.12.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "file-devel-5.22-10.12.2.s390x as component of SUSE Linux Enterprise Software Development Kit 12 SP3",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP3:file-devel-5.22-10.12.2.s390x"
},
"product_reference": "file-devel-5.22-10.12.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "file-devel-5.22-10.12.2.x86_64 as component of SUSE Linux Enterprise Software Development Kit 12 SP3",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP3:file-devel-5.22-10.12.2.x86_64"
},
"product_reference": "file-devel-5.22-10.12.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-magic-5.22-10.12.2.aarch64 as component of SUSE Linux Enterprise Software Development Kit 12 SP3",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP3:python-magic-5.22-10.12.2.aarch64"
},
"product_reference": "python-magic-5.22-10.12.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-magic-5.22-10.12.2.ppc64le as component of SUSE Linux Enterprise Software Development Kit 12 SP3",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP3:python-magic-5.22-10.12.2.ppc64le"
},
"product_reference": "python-magic-5.22-10.12.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-magic-5.22-10.12.2.s390x as component of SUSE Linux Enterprise Software Development Kit 12 SP3",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP3:python-magic-5.22-10.12.2.s390x"
},
"product_reference": "python-magic-5.22-10.12.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-magic-5.22-10.12.2.x86_64 as component of SUSE Linux Enterprise Software Development Kit 12 SP3",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP3:python-magic-5.22-10.12.2.x86_64"
},
"product_reference": "python-magic-5.22-10.12.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "file-devel-5.22-10.12.2.aarch64 as component of SUSE Linux Enterprise Software Development Kit 12 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP4:file-devel-5.22-10.12.2.aarch64"
},
"product_reference": "file-devel-5.22-10.12.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "file-devel-5.22-10.12.2.ppc64le as component of SUSE Linux Enterprise Software Development Kit 12 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP4:file-devel-5.22-10.12.2.ppc64le"
},
"product_reference": "file-devel-5.22-10.12.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "file-devel-5.22-10.12.2.s390x as component of SUSE Linux Enterprise Software Development Kit 12 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP4:file-devel-5.22-10.12.2.s390x"
},
"product_reference": "file-devel-5.22-10.12.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "file-devel-5.22-10.12.2.x86_64 as component of SUSE Linux Enterprise Software Development Kit 12 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP4:file-devel-5.22-10.12.2.x86_64"
},
"product_reference": "file-devel-5.22-10.12.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-magic-5.22-10.12.2.aarch64 as component of SUSE Linux Enterprise Software Development Kit 12 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP4:python-magic-5.22-10.12.2.aarch64"
},
"product_reference": "python-magic-5.22-10.12.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-magic-5.22-10.12.2.ppc64le as component of SUSE Linux Enterprise Software Development Kit 12 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP4:python-magic-5.22-10.12.2.ppc64le"
},
"product_reference": "python-magic-5.22-10.12.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-magic-5.22-10.12.2.s390x as component of SUSE Linux Enterprise Software Development Kit 12 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP4:python-magic-5.22-10.12.2.s390x"
},
"product_reference": "python-magic-5.22-10.12.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-magic-5.22-10.12.2.x86_64 as component of SUSE Linux Enterprise Software Development Kit 12 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP4:python-magic-5.22-10.12.2.x86_64"
},
"product_reference": "python-magic-5.22-10.12.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "file-5.22-10.12.2.aarch64 as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:file-5.22-10.12.2.aarch64"
},
"product_reference": "file-5.22-10.12.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "file-5.22-10.12.2.ppc64le as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:file-5.22-10.12.2.ppc64le"
},
"product_reference": "file-5.22-10.12.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "file-5.22-10.12.2.s390x as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:file-5.22-10.12.2.s390x"
},
"product_reference": "file-5.22-10.12.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "file-5.22-10.12.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:file-5.22-10.12.2.x86_64"
},
"product_reference": "file-5.22-10.12.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "file-magic-5.22-10.12.2.aarch64 as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:file-magic-5.22-10.12.2.aarch64"
},
"product_reference": "file-magic-5.22-10.12.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "file-magic-5.22-10.12.2.ppc64le as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:file-magic-5.22-10.12.2.ppc64le"
},
"product_reference": "file-magic-5.22-10.12.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "file-magic-5.22-10.12.2.s390x as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:file-magic-5.22-10.12.2.s390x"
},
"product_reference": "file-magic-5.22-10.12.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "file-magic-5.22-10.12.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:file-magic-5.22-10.12.2.x86_64"
},
"product_reference": "file-magic-5.22-10.12.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmagic1-5.22-10.12.2.aarch64 as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:libmagic1-5.22-10.12.2.aarch64"
},
"product_reference": "libmagic1-5.22-10.12.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmagic1-5.22-10.12.2.ppc64le as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:libmagic1-5.22-10.12.2.ppc64le"
},
"product_reference": "libmagic1-5.22-10.12.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmagic1-5.22-10.12.2.s390x as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:libmagic1-5.22-10.12.2.s390x"
},
"product_reference": "libmagic1-5.22-10.12.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmagic1-5.22-10.12.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:libmagic1-5.22-10.12.2.x86_64"
},
"product_reference": "libmagic1-5.22-10.12.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmagic1-32bit-5.22-10.12.2.s390x as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:libmagic1-32bit-5.22-10.12.2.s390x"
},
"product_reference": "libmagic1-32bit-5.22-10.12.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmagic1-32bit-5.22-10.12.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:libmagic1-32bit-5.22-10.12.2.x86_64"
},
"product_reference": "libmagic1-32bit-5.22-10.12.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "file-5.22-10.12.2.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:file-5.22-10.12.2.aarch64"
},
"product_reference": "file-5.22-10.12.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "file-5.22-10.12.2.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:file-5.22-10.12.2.ppc64le"
},
"product_reference": "file-5.22-10.12.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "file-5.22-10.12.2.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:file-5.22-10.12.2.s390x"
},
"product_reference": "file-5.22-10.12.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "file-5.22-10.12.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:file-5.22-10.12.2.x86_64"
},
"product_reference": "file-5.22-10.12.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "file-magic-5.22-10.12.2.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:file-magic-5.22-10.12.2.aarch64"
},
"product_reference": "file-magic-5.22-10.12.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "file-magic-5.22-10.12.2.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:file-magic-5.22-10.12.2.ppc64le"
},
"product_reference": "file-magic-5.22-10.12.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "file-magic-5.22-10.12.2.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:file-magic-5.22-10.12.2.s390x"
},
"product_reference": "file-magic-5.22-10.12.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "file-magic-5.22-10.12.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:file-magic-5.22-10.12.2.x86_64"
},
"product_reference": "file-magic-5.22-10.12.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmagic1-5.22-10.12.2.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libmagic1-5.22-10.12.2.aarch64"
},
"product_reference": "libmagic1-5.22-10.12.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmagic1-5.22-10.12.2.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libmagic1-5.22-10.12.2.ppc64le"
},
"product_reference": "libmagic1-5.22-10.12.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmagic1-5.22-10.12.2.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libmagic1-5.22-10.12.2.s390x"
},
"product_reference": "libmagic1-5.22-10.12.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmagic1-5.22-10.12.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libmagic1-5.22-10.12.2.x86_64"
},
"product_reference": "libmagic1-5.22-10.12.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmagic1-32bit-5.22-10.12.2.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libmagic1-32bit-5.22-10.12.2.s390x"
},
"product_reference": "libmagic1-32bit-5.22-10.12.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmagic1-32bit-5.22-10.12.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libmagic1-32bit-5.22-10.12.2.x86_64"
},
"product_reference": "libmagic1-32bit-5.22-10.12.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "file-5.22-10.12.2.aarch64 as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:file-5.22-10.12.2.aarch64"
},
"product_reference": "file-5.22-10.12.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "file-5.22-10.12.2.ppc64le as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:file-5.22-10.12.2.ppc64le"
},
"product_reference": "file-5.22-10.12.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "file-5.22-10.12.2.s390x as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:file-5.22-10.12.2.s390x"
},
"product_reference": "file-5.22-10.12.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "file-5.22-10.12.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:file-5.22-10.12.2.x86_64"
},
"product_reference": "file-5.22-10.12.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "file-magic-5.22-10.12.2.aarch64 as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:file-magic-5.22-10.12.2.aarch64"
},
"product_reference": "file-magic-5.22-10.12.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "file-magic-5.22-10.12.2.ppc64le as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:file-magic-5.22-10.12.2.ppc64le"
},
"product_reference": "file-magic-5.22-10.12.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "file-magic-5.22-10.12.2.s390x as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:file-magic-5.22-10.12.2.s390x"
},
"product_reference": "file-magic-5.22-10.12.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "file-magic-5.22-10.12.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:file-magic-5.22-10.12.2.x86_64"
},
"product_reference": "file-magic-5.22-10.12.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmagic1-5.22-10.12.2.aarch64 as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:libmagic1-5.22-10.12.2.aarch64"
},
"product_reference": "libmagic1-5.22-10.12.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmagic1-5.22-10.12.2.ppc64le as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:libmagic1-5.22-10.12.2.ppc64le"
},
"product_reference": "libmagic1-5.22-10.12.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmagic1-5.22-10.12.2.s390x as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:libmagic1-5.22-10.12.2.s390x"
},
"product_reference": "libmagic1-5.22-10.12.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmagic1-5.22-10.12.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:libmagic1-5.22-10.12.2.x86_64"
},
"product_reference": "libmagic1-5.22-10.12.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmagic1-32bit-5.22-10.12.2.s390x as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:libmagic1-32bit-5.22-10.12.2.s390x"
},
"product_reference": "libmagic1-32bit-5.22-10.12.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmagic1-32bit-5.22-10.12.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:libmagic1-32bit-5.22-10.12.2.x86_64"
},
"product_reference": "libmagic1-32bit-5.22-10.12.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "file-5.22-10.12.2.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:file-5.22-10.12.2.aarch64"
},
"product_reference": "file-5.22-10.12.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "file-5.22-10.12.2.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:file-5.22-10.12.2.ppc64le"
},
"product_reference": "file-5.22-10.12.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "file-5.22-10.12.2.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:file-5.22-10.12.2.s390x"
},
"product_reference": "file-5.22-10.12.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "file-5.22-10.12.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:file-5.22-10.12.2.x86_64"
},
"product_reference": "file-5.22-10.12.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "file-magic-5.22-10.12.2.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:file-magic-5.22-10.12.2.aarch64"
},
"product_reference": "file-magic-5.22-10.12.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "file-magic-5.22-10.12.2.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:file-magic-5.22-10.12.2.ppc64le"
},
"product_reference": "file-magic-5.22-10.12.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "file-magic-5.22-10.12.2.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:file-magic-5.22-10.12.2.s390x"
},
"product_reference": "file-magic-5.22-10.12.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "file-magic-5.22-10.12.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:file-magic-5.22-10.12.2.x86_64"
},
"product_reference": "file-magic-5.22-10.12.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmagic1-5.22-10.12.2.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libmagic1-5.22-10.12.2.aarch64"
},
"product_reference": "libmagic1-5.22-10.12.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmagic1-5.22-10.12.2.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libmagic1-5.22-10.12.2.ppc64le"
},
"product_reference": "libmagic1-5.22-10.12.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmagic1-5.22-10.12.2.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libmagic1-5.22-10.12.2.s390x"
},
"product_reference": "libmagic1-5.22-10.12.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmagic1-5.22-10.12.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libmagic1-5.22-10.12.2.x86_64"
},
"product_reference": "libmagic1-5.22-10.12.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmagic1-32bit-5.22-10.12.2.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libmagic1-32bit-5.22-10.12.2.s390x"
},
"product_reference": "libmagic1-32bit-5.22-10.12.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmagic1-32bit-5.22-10.12.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libmagic1-32bit-5.22-10.12.2.x86_64"
},
"product_reference": "libmagic1-32bit-5.22-10.12.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-10360",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-10360"
}
],
"notes": [
{
"category": "general",
"text": "The do_core_note function in readelf.c in libmagic.a in file 5.33 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted ELF file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP3:file-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:file-magic-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:libmagic1-32bit-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:libmagic1-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:file-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:file-magic-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:libmagic1-32bit-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:libmagic1-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:file-5.22-10.12.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:file-5.22-10.12.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:file-5.22-10.12.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:file-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:file-magic-5.22-10.12.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:file-magic-5.22-10.12.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:file-magic-5.22-10.12.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:file-magic-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:libmagic1-32bit-5.22-10.12.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:libmagic1-32bit-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:libmagic1-5.22-10.12.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:libmagic1-5.22-10.12.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:libmagic1-5.22-10.12.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:libmagic1-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:file-5.22-10.12.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:file-5.22-10.12.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:file-5.22-10.12.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:file-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:file-magic-5.22-10.12.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:file-magic-5.22-10.12.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:file-magic-5.22-10.12.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:file-magic-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:libmagic1-32bit-5.22-10.12.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:libmagic1-32bit-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:libmagic1-5.22-10.12.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:libmagic1-5.22-10.12.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:libmagic1-5.22-10.12.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:libmagic1-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:file-5.22-10.12.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:file-5.22-10.12.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:file-5.22-10.12.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:file-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:file-magic-5.22-10.12.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:file-magic-5.22-10.12.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:file-magic-5.22-10.12.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:file-magic-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libmagic1-32bit-5.22-10.12.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libmagic1-32bit-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libmagic1-5.22-10.12.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libmagic1-5.22-10.12.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libmagic1-5.22-10.12.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libmagic1-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:file-5.22-10.12.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:file-5.22-10.12.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:file-5.22-10.12.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:file-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:file-magic-5.22-10.12.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:file-magic-5.22-10.12.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:file-magic-5.22-10.12.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:file-magic-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libmagic1-32bit-5.22-10.12.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libmagic1-32bit-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libmagic1-5.22-10.12.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libmagic1-5.22-10.12.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libmagic1-5.22-10.12.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libmagic1-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:file-devel-5.22-10.12.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:file-devel-5.22-10.12.2.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:file-devel-5.22-10.12.2.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:file-devel-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:python-magic-5.22-10.12.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:python-magic-5.22-10.12.2.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:python-magic-5.22-10.12.2.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:python-magic-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:file-devel-5.22-10.12.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:file-devel-5.22-10.12.2.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP4:file-devel-5.22-10.12.2.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP4:file-devel-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:python-magic-5.22-10.12.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:python-magic-5.22-10.12.2.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP4:python-magic-5.22-10.12.2.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP4:python-magic-5.22-10.12.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-10360",
"url": "https://www.suse.com/security/cve/CVE-2018-10360"
},
{
"category": "external",
"summary": "SUSE Bug 1096974 for CVE-2018-10360",
"url": "https://bugzilla.suse.com/1096974"
},
{
"category": "external",
"summary": "SUSE Bug 1096984 for CVE-2018-10360",
"url": "https://bugzilla.suse.com/1096984"
},
{
"category": "external",
"summary": "SUSE Bug 1126118 for CVE-2018-10360",
"url": "https://bugzilla.suse.com/1126118"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP3:file-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:file-magic-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:libmagic1-32bit-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:libmagic1-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:file-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:file-magic-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:libmagic1-32bit-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:libmagic1-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:file-5.22-10.12.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:file-5.22-10.12.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:file-5.22-10.12.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:file-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:file-magic-5.22-10.12.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:file-magic-5.22-10.12.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:file-magic-5.22-10.12.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:file-magic-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:libmagic1-32bit-5.22-10.12.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:libmagic1-32bit-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:libmagic1-5.22-10.12.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:libmagic1-5.22-10.12.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:libmagic1-5.22-10.12.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:libmagic1-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:file-5.22-10.12.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:file-5.22-10.12.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:file-5.22-10.12.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:file-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:file-magic-5.22-10.12.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:file-magic-5.22-10.12.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:file-magic-5.22-10.12.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:file-magic-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:libmagic1-32bit-5.22-10.12.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:libmagic1-32bit-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:libmagic1-5.22-10.12.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:libmagic1-5.22-10.12.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:libmagic1-5.22-10.12.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:libmagic1-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:file-5.22-10.12.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:file-5.22-10.12.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:file-5.22-10.12.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:file-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:file-magic-5.22-10.12.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:file-magic-5.22-10.12.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:file-magic-5.22-10.12.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:file-magic-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libmagic1-32bit-5.22-10.12.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libmagic1-32bit-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libmagic1-5.22-10.12.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libmagic1-5.22-10.12.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libmagic1-5.22-10.12.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libmagic1-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:file-5.22-10.12.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:file-5.22-10.12.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:file-5.22-10.12.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:file-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:file-magic-5.22-10.12.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:file-magic-5.22-10.12.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:file-magic-5.22-10.12.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:file-magic-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libmagic1-32bit-5.22-10.12.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libmagic1-32bit-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libmagic1-5.22-10.12.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libmagic1-5.22-10.12.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libmagic1-5.22-10.12.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libmagic1-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:file-devel-5.22-10.12.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:file-devel-5.22-10.12.2.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:file-devel-5.22-10.12.2.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:file-devel-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:python-magic-5.22-10.12.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:python-magic-5.22-10.12.2.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:python-magic-5.22-10.12.2.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:python-magic-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:file-devel-5.22-10.12.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:file-devel-5.22-10.12.2.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP4:file-devel-5.22-10.12.2.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP4:file-devel-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:python-magic-5.22-10.12.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:python-magic-5.22-10.12.2.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP4:python-magic-5.22-10.12.2.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP4:python-magic-5.22-10.12.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP3:file-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:file-magic-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:libmagic1-32bit-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:libmagic1-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:file-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:file-magic-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:libmagic1-32bit-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:libmagic1-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:file-5.22-10.12.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:file-5.22-10.12.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:file-5.22-10.12.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:file-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:file-magic-5.22-10.12.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:file-magic-5.22-10.12.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:file-magic-5.22-10.12.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:file-magic-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:libmagic1-32bit-5.22-10.12.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:libmagic1-32bit-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:libmagic1-5.22-10.12.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:libmagic1-5.22-10.12.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:libmagic1-5.22-10.12.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:libmagic1-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:file-5.22-10.12.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:file-5.22-10.12.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:file-5.22-10.12.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:file-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:file-magic-5.22-10.12.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:file-magic-5.22-10.12.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:file-magic-5.22-10.12.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:file-magic-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:libmagic1-32bit-5.22-10.12.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:libmagic1-32bit-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:libmagic1-5.22-10.12.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:libmagic1-5.22-10.12.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:libmagic1-5.22-10.12.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:libmagic1-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:file-5.22-10.12.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:file-5.22-10.12.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:file-5.22-10.12.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:file-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:file-magic-5.22-10.12.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:file-magic-5.22-10.12.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:file-magic-5.22-10.12.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:file-magic-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libmagic1-32bit-5.22-10.12.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libmagic1-32bit-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libmagic1-5.22-10.12.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libmagic1-5.22-10.12.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libmagic1-5.22-10.12.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libmagic1-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:file-5.22-10.12.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:file-5.22-10.12.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:file-5.22-10.12.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:file-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:file-magic-5.22-10.12.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:file-magic-5.22-10.12.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:file-magic-5.22-10.12.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:file-magic-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libmagic1-32bit-5.22-10.12.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libmagic1-32bit-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libmagic1-5.22-10.12.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libmagic1-5.22-10.12.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libmagic1-5.22-10.12.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libmagic1-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:file-devel-5.22-10.12.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:file-devel-5.22-10.12.2.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:file-devel-5.22-10.12.2.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:file-devel-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:python-magic-5.22-10.12.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:python-magic-5.22-10.12.2.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:python-magic-5.22-10.12.2.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:python-magic-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:file-devel-5.22-10.12.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:file-devel-5.22-10.12.2.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP4:file-devel-5.22-10.12.2.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP4:file-devel-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:python-magic-5.22-10.12.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:python-magic-5.22-10.12.2.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP4:python-magic-5.22-10.12.2.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP4:python-magic-5.22-10.12.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-04-02T11:13:39Z",
"details": "low"
}
],
"title": "CVE-2018-10360"
},
{
"cve": "CVE-2019-8905",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-8905"
}
],
"notes": [
{
"category": "general",
"text": "do_core_note in readelf.c in libmagic.a in file 5.35 has a stack-based buffer over-read, related to file_printable, a different vulnerability than CVE-2018-10360.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP3:file-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:file-magic-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:libmagic1-32bit-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:libmagic1-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:file-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:file-magic-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:libmagic1-32bit-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:libmagic1-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:file-5.22-10.12.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:file-5.22-10.12.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:file-5.22-10.12.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:file-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:file-magic-5.22-10.12.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:file-magic-5.22-10.12.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:file-magic-5.22-10.12.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:file-magic-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:libmagic1-32bit-5.22-10.12.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:libmagic1-32bit-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:libmagic1-5.22-10.12.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:libmagic1-5.22-10.12.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:libmagic1-5.22-10.12.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:libmagic1-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:file-5.22-10.12.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:file-5.22-10.12.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:file-5.22-10.12.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:file-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:file-magic-5.22-10.12.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:file-magic-5.22-10.12.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:file-magic-5.22-10.12.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:file-magic-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:libmagic1-32bit-5.22-10.12.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:libmagic1-32bit-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:libmagic1-5.22-10.12.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:libmagic1-5.22-10.12.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:libmagic1-5.22-10.12.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:libmagic1-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:file-5.22-10.12.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:file-5.22-10.12.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:file-5.22-10.12.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:file-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:file-magic-5.22-10.12.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:file-magic-5.22-10.12.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:file-magic-5.22-10.12.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:file-magic-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libmagic1-32bit-5.22-10.12.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libmagic1-32bit-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libmagic1-5.22-10.12.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libmagic1-5.22-10.12.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libmagic1-5.22-10.12.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libmagic1-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:file-5.22-10.12.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:file-5.22-10.12.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:file-5.22-10.12.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:file-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:file-magic-5.22-10.12.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:file-magic-5.22-10.12.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:file-magic-5.22-10.12.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:file-magic-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libmagic1-32bit-5.22-10.12.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libmagic1-32bit-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libmagic1-5.22-10.12.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libmagic1-5.22-10.12.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libmagic1-5.22-10.12.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libmagic1-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:file-devel-5.22-10.12.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:file-devel-5.22-10.12.2.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:file-devel-5.22-10.12.2.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:file-devel-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:python-magic-5.22-10.12.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:python-magic-5.22-10.12.2.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:python-magic-5.22-10.12.2.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:python-magic-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:file-devel-5.22-10.12.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:file-devel-5.22-10.12.2.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP4:file-devel-5.22-10.12.2.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP4:file-devel-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:python-magic-5.22-10.12.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:python-magic-5.22-10.12.2.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP4:python-magic-5.22-10.12.2.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP4:python-magic-5.22-10.12.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-8905",
"url": "https://www.suse.com/security/cve/CVE-2019-8905"
},
{
"category": "external",
"summary": "SUSE Bug 1126117 for CVE-2019-8905",
"url": "https://bugzilla.suse.com/1126117"
},
{
"category": "external",
"summary": "SUSE Bug 1126118 for CVE-2019-8905",
"url": "https://bugzilla.suse.com/1126118"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP3:file-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:file-magic-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:libmagic1-32bit-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:libmagic1-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:file-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:file-magic-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:libmagic1-32bit-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:libmagic1-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:file-5.22-10.12.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:file-5.22-10.12.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:file-5.22-10.12.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:file-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:file-magic-5.22-10.12.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:file-magic-5.22-10.12.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:file-magic-5.22-10.12.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:file-magic-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:libmagic1-32bit-5.22-10.12.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:libmagic1-32bit-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:libmagic1-5.22-10.12.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:libmagic1-5.22-10.12.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:libmagic1-5.22-10.12.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:libmagic1-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:file-5.22-10.12.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:file-5.22-10.12.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:file-5.22-10.12.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:file-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:file-magic-5.22-10.12.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:file-magic-5.22-10.12.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:file-magic-5.22-10.12.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:file-magic-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:libmagic1-32bit-5.22-10.12.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:libmagic1-32bit-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:libmagic1-5.22-10.12.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:libmagic1-5.22-10.12.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:libmagic1-5.22-10.12.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:libmagic1-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:file-5.22-10.12.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:file-5.22-10.12.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:file-5.22-10.12.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:file-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:file-magic-5.22-10.12.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:file-magic-5.22-10.12.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:file-magic-5.22-10.12.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:file-magic-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libmagic1-32bit-5.22-10.12.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libmagic1-32bit-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libmagic1-5.22-10.12.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libmagic1-5.22-10.12.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libmagic1-5.22-10.12.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libmagic1-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:file-5.22-10.12.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:file-5.22-10.12.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:file-5.22-10.12.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:file-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:file-magic-5.22-10.12.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:file-magic-5.22-10.12.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:file-magic-5.22-10.12.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:file-magic-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libmagic1-32bit-5.22-10.12.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libmagic1-32bit-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libmagic1-5.22-10.12.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libmagic1-5.22-10.12.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libmagic1-5.22-10.12.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libmagic1-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:file-devel-5.22-10.12.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:file-devel-5.22-10.12.2.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:file-devel-5.22-10.12.2.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:file-devel-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:python-magic-5.22-10.12.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:python-magic-5.22-10.12.2.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:python-magic-5.22-10.12.2.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:python-magic-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:file-devel-5.22-10.12.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:file-devel-5.22-10.12.2.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP4:file-devel-5.22-10.12.2.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP4:file-devel-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:python-magic-5.22-10.12.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:python-magic-5.22-10.12.2.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP4:python-magic-5.22-10.12.2.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP4:python-magic-5.22-10.12.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP3:file-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:file-magic-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:libmagic1-32bit-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:libmagic1-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:file-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:file-magic-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:libmagic1-32bit-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:libmagic1-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:file-5.22-10.12.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:file-5.22-10.12.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:file-5.22-10.12.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:file-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:file-magic-5.22-10.12.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:file-magic-5.22-10.12.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:file-magic-5.22-10.12.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:file-magic-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:libmagic1-32bit-5.22-10.12.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:libmagic1-32bit-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:libmagic1-5.22-10.12.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:libmagic1-5.22-10.12.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:libmagic1-5.22-10.12.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:libmagic1-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:file-5.22-10.12.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:file-5.22-10.12.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:file-5.22-10.12.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:file-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:file-magic-5.22-10.12.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:file-magic-5.22-10.12.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:file-magic-5.22-10.12.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:file-magic-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:libmagic1-32bit-5.22-10.12.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:libmagic1-32bit-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:libmagic1-5.22-10.12.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:libmagic1-5.22-10.12.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:libmagic1-5.22-10.12.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:libmagic1-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:file-5.22-10.12.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:file-5.22-10.12.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:file-5.22-10.12.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:file-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:file-magic-5.22-10.12.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:file-magic-5.22-10.12.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:file-magic-5.22-10.12.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:file-magic-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libmagic1-32bit-5.22-10.12.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libmagic1-32bit-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libmagic1-5.22-10.12.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libmagic1-5.22-10.12.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libmagic1-5.22-10.12.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libmagic1-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:file-5.22-10.12.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:file-5.22-10.12.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:file-5.22-10.12.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:file-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:file-magic-5.22-10.12.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:file-magic-5.22-10.12.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:file-magic-5.22-10.12.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:file-magic-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libmagic1-32bit-5.22-10.12.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libmagic1-32bit-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libmagic1-5.22-10.12.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libmagic1-5.22-10.12.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libmagic1-5.22-10.12.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libmagic1-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:file-devel-5.22-10.12.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:file-devel-5.22-10.12.2.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:file-devel-5.22-10.12.2.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:file-devel-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:python-magic-5.22-10.12.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:python-magic-5.22-10.12.2.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:python-magic-5.22-10.12.2.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:python-magic-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:file-devel-5.22-10.12.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:file-devel-5.22-10.12.2.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP4:file-devel-5.22-10.12.2.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP4:file-devel-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:python-magic-5.22-10.12.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:python-magic-5.22-10.12.2.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP4:python-magic-5.22-10.12.2.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP4:python-magic-5.22-10.12.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-04-02T11:13:39Z",
"details": "moderate"
}
],
"title": "CVE-2019-8905"
},
{
"cve": "CVE-2019-8906",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-8906"
}
],
"notes": [
{
"category": "general",
"text": "do_core_note in readelf.c in libmagic.a in file 5.35 has an out-of-bounds read because memcpy is misused.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP3:file-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:file-magic-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:libmagic1-32bit-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:libmagic1-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:file-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:file-magic-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:libmagic1-32bit-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:libmagic1-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:file-5.22-10.12.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:file-5.22-10.12.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:file-5.22-10.12.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:file-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:file-magic-5.22-10.12.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:file-magic-5.22-10.12.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:file-magic-5.22-10.12.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:file-magic-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:libmagic1-32bit-5.22-10.12.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:libmagic1-32bit-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:libmagic1-5.22-10.12.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:libmagic1-5.22-10.12.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:libmagic1-5.22-10.12.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:libmagic1-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:file-5.22-10.12.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:file-5.22-10.12.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:file-5.22-10.12.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:file-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:file-magic-5.22-10.12.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:file-magic-5.22-10.12.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:file-magic-5.22-10.12.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:file-magic-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:libmagic1-32bit-5.22-10.12.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:libmagic1-32bit-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:libmagic1-5.22-10.12.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:libmagic1-5.22-10.12.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:libmagic1-5.22-10.12.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:libmagic1-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:file-5.22-10.12.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:file-5.22-10.12.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:file-5.22-10.12.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:file-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:file-magic-5.22-10.12.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:file-magic-5.22-10.12.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:file-magic-5.22-10.12.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:file-magic-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libmagic1-32bit-5.22-10.12.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libmagic1-32bit-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libmagic1-5.22-10.12.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libmagic1-5.22-10.12.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libmagic1-5.22-10.12.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libmagic1-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:file-5.22-10.12.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:file-5.22-10.12.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:file-5.22-10.12.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:file-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:file-magic-5.22-10.12.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:file-magic-5.22-10.12.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:file-magic-5.22-10.12.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:file-magic-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libmagic1-32bit-5.22-10.12.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libmagic1-32bit-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libmagic1-5.22-10.12.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libmagic1-5.22-10.12.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libmagic1-5.22-10.12.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libmagic1-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:file-devel-5.22-10.12.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:file-devel-5.22-10.12.2.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:file-devel-5.22-10.12.2.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:file-devel-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:python-magic-5.22-10.12.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:python-magic-5.22-10.12.2.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:python-magic-5.22-10.12.2.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:python-magic-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:file-devel-5.22-10.12.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:file-devel-5.22-10.12.2.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP4:file-devel-5.22-10.12.2.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP4:file-devel-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:python-magic-5.22-10.12.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:python-magic-5.22-10.12.2.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP4:python-magic-5.22-10.12.2.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP4:python-magic-5.22-10.12.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-8906",
"url": "https://www.suse.com/security/cve/CVE-2019-8906"
},
{
"category": "external",
"summary": "SUSE Bug 1126119 for CVE-2019-8906",
"url": "https://bugzilla.suse.com/1126119"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP3:file-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:file-magic-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:libmagic1-32bit-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:libmagic1-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:file-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:file-magic-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:libmagic1-32bit-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:libmagic1-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:file-5.22-10.12.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:file-5.22-10.12.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:file-5.22-10.12.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:file-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:file-magic-5.22-10.12.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:file-magic-5.22-10.12.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:file-magic-5.22-10.12.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:file-magic-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:libmagic1-32bit-5.22-10.12.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:libmagic1-32bit-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:libmagic1-5.22-10.12.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:libmagic1-5.22-10.12.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:libmagic1-5.22-10.12.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:libmagic1-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:file-5.22-10.12.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:file-5.22-10.12.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:file-5.22-10.12.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:file-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:file-magic-5.22-10.12.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:file-magic-5.22-10.12.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:file-magic-5.22-10.12.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:file-magic-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:libmagic1-32bit-5.22-10.12.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:libmagic1-32bit-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:libmagic1-5.22-10.12.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:libmagic1-5.22-10.12.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:libmagic1-5.22-10.12.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:libmagic1-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:file-5.22-10.12.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:file-5.22-10.12.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:file-5.22-10.12.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:file-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:file-magic-5.22-10.12.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:file-magic-5.22-10.12.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:file-magic-5.22-10.12.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:file-magic-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libmagic1-32bit-5.22-10.12.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libmagic1-32bit-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libmagic1-5.22-10.12.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libmagic1-5.22-10.12.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libmagic1-5.22-10.12.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libmagic1-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:file-5.22-10.12.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:file-5.22-10.12.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:file-5.22-10.12.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:file-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:file-magic-5.22-10.12.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:file-magic-5.22-10.12.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:file-magic-5.22-10.12.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:file-magic-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libmagic1-32bit-5.22-10.12.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libmagic1-32bit-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libmagic1-5.22-10.12.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libmagic1-5.22-10.12.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libmagic1-5.22-10.12.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libmagic1-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:file-devel-5.22-10.12.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:file-devel-5.22-10.12.2.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:file-devel-5.22-10.12.2.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:file-devel-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:python-magic-5.22-10.12.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:python-magic-5.22-10.12.2.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:python-magic-5.22-10.12.2.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:python-magic-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:file-devel-5.22-10.12.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:file-devel-5.22-10.12.2.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP4:file-devel-5.22-10.12.2.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP4:file-devel-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:python-magic-5.22-10.12.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:python-magic-5.22-10.12.2.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP4:python-magic-5.22-10.12.2.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP4:python-magic-5.22-10.12.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP3:file-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:file-magic-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:libmagic1-32bit-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:libmagic1-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:file-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:file-magic-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:libmagic1-32bit-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:libmagic1-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:file-5.22-10.12.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:file-5.22-10.12.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:file-5.22-10.12.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:file-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:file-magic-5.22-10.12.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:file-magic-5.22-10.12.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:file-magic-5.22-10.12.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:file-magic-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:libmagic1-32bit-5.22-10.12.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:libmagic1-32bit-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:libmagic1-5.22-10.12.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:libmagic1-5.22-10.12.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:libmagic1-5.22-10.12.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:libmagic1-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:file-5.22-10.12.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:file-5.22-10.12.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:file-5.22-10.12.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:file-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:file-magic-5.22-10.12.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:file-magic-5.22-10.12.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:file-magic-5.22-10.12.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:file-magic-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:libmagic1-32bit-5.22-10.12.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:libmagic1-32bit-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:libmagic1-5.22-10.12.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:libmagic1-5.22-10.12.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:libmagic1-5.22-10.12.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:libmagic1-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:file-5.22-10.12.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:file-5.22-10.12.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:file-5.22-10.12.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:file-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:file-magic-5.22-10.12.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:file-magic-5.22-10.12.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:file-magic-5.22-10.12.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:file-magic-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libmagic1-32bit-5.22-10.12.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libmagic1-32bit-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libmagic1-5.22-10.12.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libmagic1-5.22-10.12.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libmagic1-5.22-10.12.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libmagic1-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:file-5.22-10.12.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:file-5.22-10.12.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:file-5.22-10.12.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:file-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:file-magic-5.22-10.12.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:file-magic-5.22-10.12.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:file-magic-5.22-10.12.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:file-magic-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libmagic1-32bit-5.22-10.12.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libmagic1-32bit-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libmagic1-5.22-10.12.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libmagic1-5.22-10.12.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libmagic1-5.22-10.12.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libmagic1-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:file-devel-5.22-10.12.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:file-devel-5.22-10.12.2.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:file-devel-5.22-10.12.2.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:file-devel-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:python-magic-5.22-10.12.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:python-magic-5.22-10.12.2.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:python-magic-5.22-10.12.2.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:python-magic-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:file-devel-5.22-10.12.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:file-devel-5.22-10.12.2.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP4:file-devel-5.22-10.12.2.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP4:file-devel-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:python-magic-5.22-10.12.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:python-magic-5.22-10.12.2.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP4:python-magic-5.22-10.12.2.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP4:python-magic-5.22-10.12.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-04-02T11:13:39Z",
"details": "moderate"
}
],
"title": "CVE-2019-8906"
},
{
"cve": "CVE-2019-8907",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-8907"
}
],
"notes": [
{
"category": "general",
"text": "do_core_note in readelf.c in libmagic.a in file 5.35 allows remote attackers to cause a denial of service (stack corruption and application crash) or possibly have unspecified other impact.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP3:file-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:file-magic-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:libmagic1-32bit-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:libmagic1-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:file-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:file-magic-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:libmagic1-32bit-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:libmagic1-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:file-5.22-10.12.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:file-5.22-10.12.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:file-5.22-10.12.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:file-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:file-magic-5.22-10.12.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:file-magic-5.22-10.12.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:file-magic-5.22-10.12.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:file-magic-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:libmagic1-32bit-5.22-10.12.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:libmagic1-32bit-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:libmagic1-5.22-10.12.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:libmagic1-5.22-10.12.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:libmagic1-5.22-10.12.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:libmagic1-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:file-5.22-10.12.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:file-5.22-10.12.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:file-5.22-10.12.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:file-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:file-magic-5.22-10.12.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:file-magic-5.22-10.12.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:file-magic-5.22-10.12.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:file-magic-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:libmagic1-32bit-5.22-10.12.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:libmagic1-32bit-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:libmagic1-5.22-10.12.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:libmagic1-5.22-10.12.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:libmagic1-5.22-10.12.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:libmagic1-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:file-5.22-10.12.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:file-5.22-10.12.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:file-5.22-10.12.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:file-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:file-magic-5.22-10.12.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:file-magic-5.22-10.12.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:file-magic-5.22-10.12.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:file-magic-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libmagic1-32bit-5.22-10.12.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libmagic1-32bit-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libmagic1-5.22-10.12.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libmagic1-5.22-10.12.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libmagic1-5.22-10.12.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libmagic1-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:file-5.22-10.12.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:file-5.22-10.12.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:file-5.22-10.12.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:file-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:file-magic-5.22-10.12.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:file-magic-5.22-10.12.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:file-magic-5.22-10.12.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:file-magic-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libmagic1-32bit-5.22-10.12.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libmagic1-32bit-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libmagic1-5.22-10.12.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libmagic1-5.22-10.12.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libmagic1-5.22-10.12.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libmagic1-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:file-devel-5.22-10.12.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:file-devel-5.22-10.12.2.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:file-devel-5.22-10.12.2.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:file-devel-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:python-magic-5.22-10.12.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:python-magic-5.22-10.12.2.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:python-magic-5.22-10.12.2.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:python-magic-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:file-devel-5.22-10.12.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:file-devel-5.22-10.12.2.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP4:file-devel-5.22-10.12.2.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP4:file-devel-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:python-magic-5.22-10.12.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:python-magic-5.22-10.12.2.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP4:python-magic-5.22-10.12.2.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP4:python-magic-5.22-10.12.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-8907",
"url": "https://www.suse.com/security/cve/CVE-2019-8907"
},
{
"category": "external",
"summary": "SUSE Bug 1126117 for CVE-2019-8907",
"url": "https://bugzilla.suse.com/1126117"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP3:file-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:file-magic-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:libmagic1-32bit-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:libmagic1-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:file-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:file-magic-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:libmagic1-32bit-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:libmagic1-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:file-5.22-10.12.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:file-5.22-10.12.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:file-5.22-10.12.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:file-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:file-magic-5.22-10.12.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:file-magic-5.22-10.12.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:file-magic-5.22-10.12.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:file-magic-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:libmagic1-32bit-5.22-10.12.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:libmagic1-32bit-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:libmagic1-5.22-10.12.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:libmagic1-5.22-10.12.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:libmagic1-5.22-10.12.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:libmagic1-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:file-5.22-10.12.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:file-5.22-10.12.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:file-5.22-10.12.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:file-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:file-magic-5.22-10.12.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:file-magic-5.22-10.12.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:file-magic-5.22-10.12.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:file-magic-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:libmagic1-32bit-5.22-10.12.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:libmagic1-32bit-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:libmagic1-5.22-10.12.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:libmagic1-5.22-10.12.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:libmagic1-5.22-10.12.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:libmagic1-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:file-5.22-10.12.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:file-5.22-10.12.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:file-5.22-10.12.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:file-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:file-magic-5.22-10.12.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:file-magic-5.22-10.12.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:file-magic-5.22-10.12.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:file-magic-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libmagic1-32bit-5.22-10.12.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libmagic1-32bit-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libmagic1-5.22-10.12.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libmagic1-5.22-10.12.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libmagic1-5.22-10.12.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libmagic1-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:file-5.22-10.12.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:file-5.22-10.12.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:file-5.22-10.12.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:file-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:file-magic-5.22-10.12.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:file-magic-5.22-10.12.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:file-magic-5.22-10.12.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:file-magic-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libmagic1-32bit-5.22-10.12.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libmagic1-32bit-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libmagic1-5.22-10.12.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libmagic1-5.22-10.12.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libmagic1-5.22-10.12.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libmagic1-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:file-devel-5.22-10.12.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:file-devel-5.22-10.12.2.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:file-devel-5.22-10.12.2.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:file-devel-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:python-magic-5.22-10.12.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:python-magic-5.22-10.12.2.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:python-magic-5.22-10.12.2.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:python-magic-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:file-devel-5.22-10.12.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:file-devel-5.22-10.12.2.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP4:file-devel-5.22-10.12.2.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP4:file-devel-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:python-magic-5.22-10.12.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:python-magic-5.22-10.12.2.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP4:python-magic-5.22-10.12.2.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP4:python-magic-5.22-10.12.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP3:file-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:file-magic-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:libmagic1-32bit-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:libmagic1-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:file-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:file-magic-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:libmagic1-32bit-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:libmagic1-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:file-5.22-10.12.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:file-5.22-10.12.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:file-5.22-10.12.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:file-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:file-magic-5.22-10.12.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:file-magic-5.22-10.12.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:file-magic-5.22-10.12.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:file-magic-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:libmagic1-32bit-5.22-10.12.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:libmagic1-32bit-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:libmagic1-5.22-10.12.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:libmagic1-5.22-10.12.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:libmagic1-5.22-10.12.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:libmagic1-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:file-5.22-10.12.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:file-5.22-10.12.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:file-5.22-10.12.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:file-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:file-magic-5.22-10.12.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:file-magic-5.22-10.12.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:file-magic-5.22-10.12.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:file-magic-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:libmagic1-32bit-5.22-10.12.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:libmagic1-32bit-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:libmagic1-5.22-10.12.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:libmagic1-5.22-10.12.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:libmagic1-5.22-10.12.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:libmagic1-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:file-5.22-10.12.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:file-5.22-10.12.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:file-5.22-10.12.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:file-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:file-magic-5.22-10.12.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:file-magic-5.22-10.12.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:file-magic-5.22-10.12.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:file-magic-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libmagic1-32bit-5.22-10.12.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libmagic1-32bit-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libmagic1-5.22-10.12.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libmagic1-5.22-10.12.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libmagic1-5.22-10.12.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libmagic1-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:file-5.22-10.12.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:file-5.22-10.12.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:file-5.22-10.12.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:file-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:file-magic-5.22-10.12.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:file-magic-5.22-10.12.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:file-magic-5.22-10.12.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:file-magic-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libmagic1-32bit-5.22-10.12.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libmagic1-32bit-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libmagic1-5.22-10.12.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libmagic1-5.22-10.12.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libmagic1-5.22-10.12.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libmagic1-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:file-devel-5.22-10.12.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:file-devel-5.22-10.12.2.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:file-devel-5.22-10.12.2.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:file-devel-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:python-magic-5.22-10.12.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:python-magic-5.22-10.12.2.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:python-magic-5.22-10.12.2.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:python-magic-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:file-devel-5.22-10.12.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:file-devel-5.22-10.12.2.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP4:file-devel-5.22-10.12.2.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP4:file-devel-5.22-10.12.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:python-magic-5.22-10.12.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:python-magic-5.22-10.12.2.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP4:python-magic-5.22-10.12.2.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP4:python-magic-5.22-10.12.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-04-02T11:13:39Z",
"details": "moderate"
}
],
"title": "CVE-2019-8907"
}
]
}
var-201902-0872
Vulnerability from variot
do_core_note in readelf.c in libmagic.a in file 5.35 has an out-of-bounds read because memcpy is misused. file Contains an out-of-bounds vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. file is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in further attacks. Failed exploit attempts will likely result in denial-of-service conditions. file 5.35 is vulnerable; other versions may also be affected. file is a set of command-line tools used in Unix-like to view file information. The vulnerability stems from the fact that the memory copy function is not used correctly. Currently there is no information about this vulnerability, please keep an eye on CNNVD or vendor announcements. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
[slackware-security] file (SSA:2019-054-01)
New file packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues.
Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/file-5.36-i586-1_slack14.2.txz: Upgraded. Fix out-of-bounds read and denial-of-service security issues: For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8906 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8907 ( Security fix ) +--------------------------+
Where to find the new packages: +-----------------------------+
Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.
Updated package for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/file-5.36-i486-1_slack14.0.txz
Updated package for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/file-5.36-x86_64-1_slack14.0.txz
Updated package for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/file-5.36-i486-1_slack14.1.txz
Updated package for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/file-5.36-x86_64-1_slack14.1.txz
Updated package for Slackware 14.2: ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/file-5.36-i586-1_slack14.2.txz
Updated package for Slackware x86_64 14.2: ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/file-5.36-x86_64-1_slack14.2.txz
Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/file-5.36-i586-1.txz
Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/file-5.36-x86_64-1.txz
MD5 signatures: +-------------+
Slackware 14.0 package: d774a800d99acb0ad52f312ed83a072f file-5.36-i486-1_slack14.0.txz
Slackware x86_64 14.0 package: 7be0a75f9f31f23b9c38b7ebf0192961 file-5.36-x86_64-1_slack14.0.txz
Slackware 14.1 package: 0ec7575d2786bb8c8abe7b568cab262f file-5.36-i486-1_slack14.1.txz
Slackware x86_64 14.1 package: ca23033d9beedda72c0793b796ad10b2 file-5.36-x86_64-1_slack14.1.txz
Slackware 14.2 package: 4dfa9268d6415052d99681543a884227 file-5.36-i586-1_slack14.2.txz
Slackware x86_64 14.2 package: 2e26d570e7b3c957155905b9150b1af0 file-5.36-x86_64-1_slack14.2.txz
Slackware -current package: 039ec7588178a2026e77bd96d2c98552 a/file-5.36-i586-1.txz
Slackware x86_64 -current package: 20d07d173c3a2314eabe27620f662195 a/file-5.36-x86_64-1.txz
Installation instructions: +------------------------+
Upgrade the package as root:
upgradepkg file-5.36-i586-1_slack14.2.txz
+-----+
Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com
+------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address. | +------------------------------------------------------------------------+ -----BEGIN PGP SIGNATURE-----
iEYEARECAAYFAlxxohgACgkQakRjwEAQIjM9ygCdHLmg1G9oSJsutsUaVk2G2kN1 Xa4AoI+VR7MyhQxXRJ1DRDb6HPDSm0Ld EIS -----END PGP SIGNATURE-----
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201902-0872",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "file",
"scope": "eq",
"trust": 2.1,
"vendor": "file",
"version": "5.35"
},
{
"model": "leap",
"scope": "eq",
"trust": 1.0,
"vendor": "opensuse",
"version": "42.3"
},
{
"model": "iphone os",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "12.2"
},
{
"model": "tvos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "12.2"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "18.10"
},
{
"model": "mac os x",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "10.14.4"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "18.04"
},
{
"model": "leap",
"scope": "eq",
"trust": 1.0,
"vendor": "opensuse",
"version": "15.0"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "16.04"
},
{
"model": "watchos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "5.2"
}
],
"sources": [
{
"db": "BID",
"id": "107158"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-001781"
},
{
"db": "NVD",
"id": "CVE-2019-8906"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:file_project:file",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-001781"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "vendor",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201902-710"
}
],
"trust": 0.6
},
"cve": "CVE-2019-8906",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 3.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CVE-2019-8906",
"impactScore": 4.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 1.0,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 6.8,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2019-8906",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 3.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "VHN-160341",
"impactScore": 4.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:P/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "LOW",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 1.8,
"id": "CVE-2019-8906",
"impactScore": 2.5,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-8906",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-8906",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2019-8906",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201902-710",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-160341",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-160341"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-001781"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-710"
},
{
"db": "NVD",
"id": "CVE-2019-8906"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "do_core_note in readelf.c in libmagic.a in file 5.35 has an out-of-bounds read because memcpy is misused. file Contains an out-of-bounds vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. file is prone to an information-disclosure vulnerability. \nAttackers can exploit this issue to obtain sensitive information that may aid in further attacks. Failed exploit attempts will likely result in denial-of-service conditions. \nfile 5.35 is vulnerable; other versions may also be affected. file is a set of command-line tools used in Unix-like to view file information. The vulnerability stems from the fact that the memory copy function is not used correctly. Currently there is no information about this vulnerability, please keep an eye on CNNVD or vendor announcements. \n-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n[slackware-security] file (SSA:2019-054-01)\n\nNew file packages are available for Slackware 14.0, 14.1, 14.2, and -current to\nfix security issues. \n\n\nHere are the details from the Slackware 14.2 ChangeLog:\n+--------------------------+\npatches/packages/file-5.36-i586-1_slack14.2.txz: Upgraded. \n Fix out-of-bounds read and denial-of-service security issues:\n For more information, see:\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8906\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8907\n (* Security fix *)\n+--------------------------+\n\n\nWhere to find the new packages:\n+-----------------------------+\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you. \n\nUpdated package for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/file-5.36-i486-1_slack14.0.txz\n\nUpdated package for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/file-5.36-x86_64-1_slack14.0.txz\n\nUpdated package for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/file-5.36-i486-1_slack14.1.txz\n\nUpdated package for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/file-5.36-x86_64-1_slack14.1.txz\n\nUpdated package for Slackware 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/file-5.36-i586-1_slack14.2.txz\n\nUpdated package for Slackware x86_64 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/file-5.36-x86_64-1_slack14.2.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/file-5.36-i586-1.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/file-5.36-x86_64-1.txz\n\n\nMD5 signatures:\n+-------------+\n\nSlackware 14.0 package:\nd774a800d99acb0ad52f312ed83a072f file-5.36-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 package:\n7be0a75f9f31f23b9c38b7ebf0192961 file-5.36-x86_64-1_slack14.0.txz\n\nSlackware 14.1 package:\n0ec7575d2786bb8c8abe7b568cab262f file-5.36-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 package:\nca23033d9beedda72c0793b796ad10b2 file-5.36-x86_64-1_slack14.1.txz\n\nSlackware 14.2 package:\n4dfa9268d6415052d99681543a884227 file-5.36-i586-1_slack14.2.txz\n\nSlackware x86_64 14.2 package:\n2e26d570e7b3c957155905b9150b1af0 file-5.36-x86_64-1_slack14.2.txz\n\nSlackware -current package:\n039ec7588178a2026e77bd96d2c98552 a/file-5.36-i586-1.txz\n\nSlackware x86_64 -current package:\n20d07d173c3a2314eabe27620f662195 a/file-5.36-x86_64-1.txz\n\n\nInstallation instructions:\n+------------------------+\n\nUpgrade the package as root:\n# upgradepkg file-5.36-i586-1_slack14.2.txz\n\n\n+-----+\n\nSlackware Linux Security Team\nhttp://slackware.com/gpg-key\nsecurity@slackware.com\n\n+------------------------------------------------------------------------+\n| To leave the slackware-security mailing list: |\n+------------------------------------------------------------------------+\n| Send an email to majordomo@slackware.com with this text in the body of |\n| the email message: |\n| |\n| unsubscribe slackware-security |\n| |\n| You will get a confirmation message back containing instructions to |\n| complete the process. Please do not reply to this email address. |\n+------------------------------------------------------------------------+\n-----BEGIN PGP SIGNATURE-----\n\niEYEARECAAYFAlxxohgACgkQakRjwEAQIjM9ygCdHLmg1G9oSJsutsUaVk2G2kN1\nXa4AoI+VR7MyhQxXRJ1DRDb6HPDSm0Ld\nEIS\n-----END PGP SIGNATURE-----\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-8906"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-001781"
},
{
"db": "BID",
"id": "107158"
},
{
"db": "VULHUB",
"id": "VHN-160341"
},
{
"db": "PACKETSTORM",
"id": "151829"
}
],
"trust": 2.07
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-8906",
"trust": 2.9
},
{
"db": "JVNDB",
"id": "JVNDB-2019-001781",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201902-710",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2019.0738",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.0860.2",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.1107",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "42787",
"trust": 0.6
},
{
"db": "BID",
"id": "107158",
"trust": 0.3
},
{
"db": "PACKETSTORM",
"id": "151829",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-160341",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-160341"
},
{
"db": "BID",
"id": "107158"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-001781"
},
{
"db": "PACKETSTORM",
"id": "151829"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-710"
},
{
"db": "NVD",
"id": "CVE-2019-8906"
}
]
},
"id": "VAR-201902-0872",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-160341"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T19:35:57.205000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Avoid OOB read (found by ASAN reported by F. Alonso)",
"trust": 0.8,
"url": "https://github.com/file/file/commit/2858eaf99f6cc5aae129bcbf1e24ad160240185f"
},
{
"title": "file Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=89532"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-001781"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-710"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-125",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-160341"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-001781"
},
{
"db": "NVD",
"id": "CVE-2019-8906"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "https://usn.ubuntu.com/3911-1/"
},
{
"trust": 2.0,
"url": "https://github.com/file/file/commit/2858eaf99f6cc5aae129bcbf1e24ad160240185f"
},
{
"trust": 1.7,
"url": "https://support.apple.com/kb/ht209599"
},
{
"trust": 1.7,
"url": "https://support.apple.com/kb/ht209600"
},
{
"trust": 1.7,
"url": "https://support.apple.com/kb/ht209601"
},
{
"trust": 1.7,
"url": "https://support.apple.com/kb/ht209602"
},
{
"trust": 1.7,
"url": "https://bugs.astron.com/view.php?id=64"
},
{
"trust": 1.7,
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00027.html"
},
{
"trust": 1.7,
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00053.html"
},
{
"trust": 1.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8906"
},
{
"trust": 0.9,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8906"
},
{
"trust": 0.6,
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20190571-1.html"
},
{
"trust": 0.6,
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20190839-1.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/78294"
},
{
"trust": 0.6,
"url": "https://support.apple.com/en-us/ht209602"
},
{
"trust": 0.6,
"url": "https://support.apple.com/en-us/ht209600"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/76730"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.0860.2/"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/42787"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/file-out-of-bounds-memory-reading-via-do-core-note-28590"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/77270"
},
{
"trust": 0.3,
"url": "http://www.darwinsys.com/file/"
},
{
"trust": 0.3,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1679175"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-8906"
},
{
"trust": 0.1,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8907"
},
{
"trust": 0.1,
"url": "http://slackware.com"
},
{
"trust": 0.1,
"url": "http://osuosl.org)"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8907"
},
{
"trust": 0.1,
"url": "http://slackware.com/gpg-key"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-160341"
},
{
"db": "BID",
"id": "107158"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-001781"
},
{
"db": "PACKETSTORM",
"id": "151829"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-710"
},
{
"db": "NVD",
"id": "CVE-2019-8906"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-160341"
},
{
"db": "BID",
"id": "107158"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-001781"
},
{
"db": "PACKETSTORM",
"id": "151829"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-710"
},
{
"db": "NVD",
"id": "CVE-2019-8906"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-02-18T00:00:00",
"db": "VULHUB",
"id": "VHN-160341"
},
{
"date": "2019-01-03T00:00:00",
"db": "BID",
"id": "107158"
},
{
"date": "2019-03-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-001781"
},
{
"date": "2019-02-25T16:56:55",
"db": "PACKETSTORM",
"id": "151829"
},
{
"date": "2019-02-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201902-710"
},
{
"date": "2019-02-18T17:29:01.033000",
"db": "NVD",
"id": "CVE-2019-8906"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-12-09T00:00:00",
"db": "VULHUB",
"id": "VHN-160341"
},
{
"date": "2019-01-03T00:00:00",
"db": "BID",
"id": "107158"
},
{
"date": "2019-03-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-001781"
},
{
"date": "2021-12-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201902-710"
},
{
"date": "2024-11-21T04:50:38.213000",
"db": "NVD",
"id": "CVE-2019-8906"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201902-710"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "file Vulnerable to out-of-bounds reading",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-001781"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201902-710"
}
],
"trust": 0.6
}
}
opensuse-su-2019:0345-1
Vulnerability from csaf_opensuse
Published
2019-03-23 11:15
Modified
2019-03-23 11:15
Summary
Security update for file
Notes
Title of the patch
Security update for file
Description of the patch
This update for file fixes the following issues:
The following security vulnerabilities were addressed:
- CVE-2018-10360: Fixed an out-of-bounds read in the function do_core_note in
readelf.c, which allowed remote attackers to cause a denial of service
(application crash) via a crafted ELF file (bsc#1096974)
- CVE-2019-8905: Fixed a stack-based buffer over-read in do_core_note in readelf.c
(bsc#1126118)
- CVE-2019-8906: Fixed an out-of-bounds read in do_core_note in readelf. c
(bsc#1126119)
- CVE-2019-8907: Fixed a stack corruption in do_core_note in readelf.c
(bsc#1126117)
This update was imported from the SUSE:SLE-15:Update update project.
Patchnames
openSUSE-2019-345
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for file",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for file fixes the following issues:\n\nThe following security vulnerabilities were addressed:\n\n- CVE-2018-10360: Fixed an out-of-bounds read in the function do_core_note in\n readelf.c, which allowed remote attackers to cause a denial of service\n (application crash) via a crafted ELF file (bsc#1096974)\n- CVE-2019-8905: Fixed a stack-based buffer over-read in do_core_note in readelf.c\n (bsc#1126118)\n- CVE-2019-8906: Fixed an out-of-bounds read in do_core_note in readelf. c\n (bsc#1126119)\n- CVE-2019-8907: Fixed a stack corruption in do_core_note in readelf.c\n (bsc#1126117)\n\nThis update was imported from the SUSE:SLE-15:Update update project.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2019-345",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2019_0345-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2019:0345-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/UQQSJOBQTS7ZNXZRM4RJ7J2R4FX7TI6L/#UQQSJOBQTS7ZNXZRM4RJ7J2R4FX7TI6L"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2019:0345-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/UQQSJOBQTS7ZNXZRM4RJ7J2R4FX7TI6L/#UQQSJOBQTS7ZNXZRM4RJ7J2R4FX7TI6L"
},
{
"category": "self",
"summary": "SUSE Bug 1096974",
"url": "https://bugzilla.suse.com/1096974"
},
{
"category": "self",
"summary": "SUSE Bug 1096984",
"url": "https://bugzilla.suse.com/1096984"
},
{
"category": "self",
"summary": "SUSE Bug 1126117",
"url": "https://bugzilla.suse.com/1126117"
},
{
"category": "self",
"summary": "SUSE Bug 1126118",
"url": "https://bugzilla.suse.com/1126118"
},
{
"category": "self",
"summary": "SUSE Bug 1126119",
"url": "https://bugzilla.suse.com/1126119"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-10360 page",
"url": "https://www.suse.com/security/cve/CVE-2018-10360/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-8905 page",
"url": "https://www.suse.com/security/cve/CVE-2019-8905/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-8906 page",
"url": "https://www.suse.com/security/cve/CVE-2019-8906/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-8907 page",
"url": "https://www.suse.com/security/cve/CVE-2019-8907/"
}
],
"title": "Security update for file",
"tracking": {
"current_release_date": "2019-03-23T11:15:50Z",
"generator": {
"date": "2019-03-23T11:15:50Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2019:0345-1",
"initial_release_date": "2019-03-23T11:15:50Z",
"revision_history": [
{
"date": "2019-03-23T11:15:50Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "file-5.32-lp150.6.3.1.i586",
"product": {
"name": "file-5.32-lp150.6.3.1.i586",
"product_id": "file-5.32-lp150.6.3.1.i586"
}
},
{
"category": "product_version",
"name": "file-devel-5.32-lp150.6.3.1.i586",
"product": {
"name": "file-devel-5.32-lp150.6.3.1.i586",
"product_id": "file-devel-5.32-lp150.6.3.1.i586"
}
},
{
"category": "product_version",
"name": "libmagic1-5.32-lp150.6.3.1.i586",
"product": {
"name": "libmagic1-5.32-lp150.6.3.1.i586",
"product_id": "libmagic1-5.32-lp150.6.3.1.i586"
}
},
{
"category": "product_version",
"name": "python2-magic-5.32-lp150.6.3.1.i586",
"product": {
"name": "python2-magic-5.32-lp150.6.3.1.i586",
"product_id": "python2-magic-5.32-lp150.6.3.1.i586"
}
},
{
"category": "product_version",
"name": "python3-magic-5.32-lp150.6.3.1.i586",
"product": {
"name": "python3-magic-5.32-lp150.6.3.1.i586",
"product_id": "python3-magic-5.32-lp150.6.3.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "file-magic-5.32-lp150.6.3.1.noarch",
"product": {
"name": "file-magic-5.32-lp150.6.3.1.noarch",
"product_id": "file-magic-5.32-lp150.6.3.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "file-5.32-lp150.6.3.1.x86_64",
"product": {
"name": "file-5.32-lp150.6.3.1.x86_64",
"product_id": "file-5.32-lp150.6.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "file-devel-5.32-lp150.6.3.1.x86_64",
"product": {
"name": "file-devel-5.32-lp150.6.3.1.x86_64",
"product_id": "file-devel-5.32-lp150.6.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "file-devel-32bit-5.32-lp150.6.3.1.x86_64",
"product": {
"name": "file-devel-32bit-5.32-lp150.6.3.1.x86_64",
"product_id": "file-devel-32bit-5.32-lp150.6.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "libmagic1-5.32-lp150.6.3.1.x86_64",
"product": {
"name": "libmagic1-5.32-lp150.6.3.1.x86_64",
"product_id": "libmagic1-5.32-lp150.6.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "libmagic1-32bit-5.32-lp150.6.3.1.x86_64",
"product": {
"name": "libmagic1-32bit-5.32-lp150.6.3.1.x86_64",
"product_id": "libmagic1-32bit-5.32-lp150.6.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "python2-magic-5.32-lp150.6.3.1.x86_64",
"product": {
"name": "python2-magic-5.32-lp150.6.3.1.x86_64",
"product_id": "python2-magic-5.32-lp150.6.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "python3-magic-5.32-lp150.6.3.1.x86_64",
"product": {
"name": "python3-magic-5.32-lp150.6.3.1.x86_64",
"product_id": "python3-magic-5.32-lp150.6.3.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 15.0",
"product": {
"name": "openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.0"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "file-5.32-lp150.6.3.1.i586 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:file-5.32-lp150.6.3.1.i586"
},
"product_reference": "file-5.32-lp150.6.3.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "file-5.32-lp150.6.3.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:file-5.32-lp150.6.3.1.x86_64"
},
"product_reference": "file-5.32-lp150.6.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "file-devel-5.32-lp150.6.3.1.i586 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:file-devel-5.32-lp150.6.3.1.i586"
},
"product_reference": "file-devel-5.32-lp150.6.3.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "file-devel-5.32-lp150.6.3.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:file-devel-5.32-lp150.6.3.1.x86_64"
},
"product_reference": "file-devel-5.32-lp150.6.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "file-devel-32bit-5.32-lp150.6.3.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:file-devel-32bit-5.32-lp150.6.3.1.x86_64"
},
"product_reference": "file-devel-32bit-5.32-lp150.6.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "file-magic-5.32-lp150.6.3.1.noarch as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:file-magic-5.32-lp150.6.3.1.noarch"
},
"product_reference": "file-magic-5.32-lp150.6.3.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmagic1-5.32-lp150.6.3.1.i586 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:libmagic1-5.32-lp150.6.3.1.i586"
},
"product_reference": "libmagic1-5.32-lp150.6.3.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmagic1-5.32-lp150.6.3.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:libmagic1-5.32-lp150.6.3.1.x86_64"
},
"product_reference": "libmagic1-5.32-lp150.6.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmagic1-32bit-5.32-lp150.6.3.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:libmagic1-32bit-5.32-lp150.6.3.1.x86_64"
},
"product_reference": "libmagic1-32bit-5.32-lp150.6.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python2-magic-5.32-lp150.6.3.1.i586 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:python2-magic-5.32-lp150.6.3.1.i586"
},
"product_reference": "python2-magic-5.32-lp150.6.3.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python2-magic-5.32-lp150.6.3.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:python2-magic-5.32-lp150.6.3.1.x86_64"
},
"product_reference": "python2-magic-5.32-lp150.6.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-magic-5.32-lp150.6.3.1.i586 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:python3-magic-5.32-lp150.6.3.1.i586"
},
"product_reference": "python3-magic-5.32-lp150.6.3.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-magic-5.32-lp150.6.3.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:python3-magic-5.32-lp150.6.3.1.x86_64"
},
"product_reference": "python3-magic-5.32-lp150.6.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-10360",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-10360"
}
],
"notes": [
{
"category": "general",
"text": "The do_core_note function in readelf.c in libmagic.a in file 5.33 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted ELF file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:file-5.32-lp150.6.3.1.i586",
"openSUSE Leap 15.0:file-5.32-lp150.6.3.1.x86_64",
"openSUSE Leap 15.0:file-devel-32bit-5.32-lp150.6.3.1.x86_64",
"openSUSE Leap 15.0:file-devel-5.32-lp150.6.3.1.i586",
"openSUSE Leap 15.0:file-devel-5.32-lp150.6.3.1.x86_64",
"openSUSE Leap 15.0:file-magic-5.32-lp150.6.3.1.noarch",
"openSUSE Leap 15.0:libmagic1-32bit-5.32-lp150.6.3.1.x86_64",
"openSUSE Leap 15.0:libmagic1-5.32-lp150.6.3.1.i586",
"openSUSE Leap 15.0:libmagic1-5.32-lp150.6.3.1.x86_64",
"openSUSE Leap 15.0:python2-magic-5.32-lp150.6.3.1.i586",
"openSUSE Leap 15.0:python2-magic-5.32-lp150.6.3.1.x86_64",
"openSUSE Leap 15.0:python3-magic-5.32-lp150.6.3.1.i586",
"openSUSE Leap 15.0:python3-magic-5.32-lp150.6.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-10360",
"url": "https://www.suse.com/security/cve/CVE-2018-10360"
},
{
"category": "external",
"summary": "SUSE Bug 1096974 for CVE-2018-10360",
"url": "https://bugzilla.suse.com/1096974"
},
{
"category": "external",
"summary": "SUSE Bug 1096984 for CVE-2018-10360",
"url": "https://bugzilla.suse.com/1096984"
},
{
"category": "external",
"summary": "SUSE Bug 1126118 for CVE-2018-10360",
"url": "https://bugzilla.suse.com/1126118"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:file-5.32-lp150.6.3.1.i586",
"openSUSE Leap 15.0:file-5.32-lp150.6.3.1.x86_64",
"openSUSE Leap 15.0:file-devel-32bit-5.32-lp150.6.3.1.x86_64",
"openSUSE Leap 15.0:file-devel-5.32-lp150.6.3.1.i586",
"openSUSE Leap 15.0:file-devel-5.32-lp150.6.3.1.x86_64",
"openSUSE Leap 15.0:file-magic-5.32-lp150.6.3.1.noarch",
"openSUSE Leap 15.0:libmagic1-32bit-5.32-lp150.6.3.1.x86_64",
"openSUSE Leap 15.0:libmagic1-5.32-lp150.6.3.1.i586",
"openSUSE Leap 15.0:libmagic1-5.32-lp150.6.3.1.x86_64",
"openSUSE Leap 15.0:python2-magic-5.32-lp150.6.3.1.i586",
"openSUSE Leap 15.0:python2-magic-5.32-lp150.6.3.1.x86_64",
"openSUSE Leap 15.0:python3-magic-5.32-lp150.6.3.1.i586",
"openSUSE Leap 15.0:python3-magic-5.32-lp150.6.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.0:file-5.32-lp150.6.3.1.i586",
"openSUSE Leap 15.0:file-5.32-lp150.6.3.1.x86_64",
"openSUSE Leap 15.0:file-devel-32bit-5.32-lp150.6.3.1.x86_64",
"openSUSE Leap 15.0:file-devel-5.32-lp150.6.3.1.i586",
"openSUSE Leap 15.0:file-devel-5.32-lp150.6.3.1.x86_64",
"openSUSE Leap 15.0:file-magic-5.32-lp150.6.3.1.noarch",
"openSUSE Leap 15.0:libmagic1-32bit-5.32-lp150.6.3.1.x86_64",
"openSUSE Leap 15.0:libmagic1-5.32-lp150.6.3.1.i586",
"openSUSE Leap 15.0:libmagic1-5.32-lp150.6.3.1.x86_64",
"openSUSE Leap 15.0:python2-magic-5.32-lp150.6.3.1.i586",
"openSUSE Leap 15.0:python2-magic-5.32-lp150.6.3.1.x86_64",
"openSUSE Leap 15.0:python3-magic-5.32-lp150.6.3.1.i586",
"openSUSE Leap 15.0:python3-magic-5.32-lp150.6.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-03-23T11:15:50Z",
"details": "low"
}
],
"title": "CVE-2018-10360"
},
{
"cve": "CVE-2019-8905",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-8905"
}
],
"notes": [
{
"category": "general",
"text": "do_core_note in readelf.c in libmagic.a in file 5.35 has a stack-based buffer over-read, related to file_printable, a different vulnerability than CVE-2018-10360.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:file-5.32-lp150.6.3.1.i586",
"openSUSE Leap 15.0:file-5.32-lp150.6.3.1.x86_64",
"openSUSE Leap 15.0:file-devel-32bit-5.32-lp150.6.3.1.x86_64",
"openSUSE Leap 15.0:file-devel-5.32-lp150.6.3.1.i586",
"openSUSE Leap 15.0:file-devel-5.32-lp150.6.3.1.x86_64",
"openSUSE Leap 15.0:file-magic-5.32-lp150.6.3.1.noarch",
"openSUSE Leap 15.0:libmagic1-32bit-5.32-lp150.6.3.1.x86_64",
"openSUSE Leap 15.0:libmagic1-5.32-lp150.6.3.1.i586",
"openSUSE Leap 15.0:libmagic1-5.32-lp150.6.3.1.x86_64",
"openSUSE Leap 15.0:python2-magic-5.32-lp150.6.3.1.i586",
"openSUSE Leap 15.0:python2-magic-5.32-lp150.6.3.1.x86_64",
"openSUSE Leap 15.0:python3-magic-5.32-lp150.6.3.1.i586",
"openSUSE Leap 15.0:python3-magic-5.32-lp150.6.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-8905",
"url": "https://www.suse.com/security/cve/CVE-2019-8905"
},
{
"category": "external",
"summary": "SUSE Bug 1126117 for CVE-2019-8905",
"url": "https://bugzilla.suse.com/1126117"
},
{
"category": "external",
"summary": "SUSE Bug 1126118 for CVE-2019-8905",
"url": "https://bugzilla.suse.com/1126118"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:file-5.32-lp150.6.3.1.i586",
"openSUSE Leap 15.0:file-5.32-lp150.6.3.1.x86_64",
"openSUSE Leap 15.0:file-devel-32bit-5.32-lp150.6.3.1.x86_64",
"openSUSE Leap 15.0:file-devel-5.32-lp150.6.3.1.i586",
"openSUSE Leap 15.0:file-devel-5.32-lp150.6.3.1.x86_64",
"openSUSE Leap 15.0:file-magic-5.32-lp150.6.3.1.noarch",
"openSUSE Leap 15.0:libmagic1-32bit-5.32-lp150.6.3.1.x86_64",
"openSUSE Leap 15.0:libmagic1-5.32-lp150.6.3.1.i586",
"openSUSE Leap 15.0:libmagic1-5.32-lp150.6.3.1.x86_64",
"openSUSE Leap 15.0:python2-magic-5.32-lp150.6.3.1.i586",
"openSUSE Leap 15.0:python2-magic-5.32-lp150.6.3.1.x86_64",
"openSUSE Leap 15.0:python3-magic-5.32-lp150.6.3.1.i586",
"openSUSE Leap 15.0:python3-magic-5.32-lp150.6.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.0:file-5.32-lp150.6.3.1.i586",
"openSUSE Leap 15.0:file-5.32-lp150.6.3.1.x86_64",
"openSUSE Leap 15.0:file-devel-32bit-5.32-lp150.6.3.1.x86_64",
"openSUSE Leap 15.0:file-devel-5.32-lp150.6.3.1.i586",
"openSUSE Leap 15.0:file-devel-5.32-lp150.6.3.1.x86_64",
"openSUSE Leap 15.0:file-magic-5.32-lp150.6.3.1.noarch",
"openSUSE Leap 15.0:libmagic1-32bit-5.32-lp150.6.3.1.x86_64",
"openSUSE Leap 15.0:libmagic1-5.32-lp150.6.3.1.i586",
"openSUSE Leap 15.0:libmagic1-5.32-lp150.6.3.1.x86_64",
"openSUSE Leap 15.0:python2-magic-5.32-lp150.6.3.1.i586",
"openSUSE Leap 15.0:python2-magic-5.32-lp150.6.3.1.x86_64",
"openSUSE Leap 15.0:python3-magic-5.32-lp150.6.3.1.i586",
"openSUSE Leap 15.0:python3-magic-5.32-lp150.6.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-03-23T11:15:50Z",
"details": "moderate"
}
],
"title": "CVE-2019-8905"
},
{
"cve": "CVE-2019-8906",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-8906"
}
],
"notes": [
{
"category": "general",
"text": "do_core_note in readelf.c in libmagic.a in file 5.35 has an out-of-bounds read because memcpy is misused.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:file-5.32-lp150.6.3.1.i586",
"openSUSE Leap 15.0:file-5.32-lp150.6.3.1.x86_64",
"openSUSE Leap 15.0:file-devel-32bit-5.32-lp150.6.3.1.x86_64",
"openSUSE Leap 15.0:file-devel-5.32-lp150.6.3.1.i586",
"openSUSE Leap 15.0:file-devel-5.32-lp150.6.3.1.x86_64",
"openSUSE Leap 15.0:file-magic-5.32-lp150.6.3.1.noarch",
"openSUSE Leap 15.0:libmagic1-32bit-5.32-lp150.6.3.1.x86_64",
"openSUSE Leap 15.0:libmagic1-5.32-lp150.6.3.1.i586",
"openSUSE Leap 15.0:libmagic1-5.32-lp150.6.3.1.x86_64",
"openSUSE Leap 15.0:python2-magic-5.32-lp150.6.3.1.i586",
"openSUSE Leap 15.0:python2-magic-5.32-lp150.6.3.1.x86_64",
"openSUSE Leap 15.0:python3-magic-5.32-lp150.6.3.1.i586",
"openSUSE Leap 15.0:python3-magic-5.32-lp150.6.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-8906",
"url": "https://www.suse.com/security/cve/CVE-2019-8906"
},
{
"category": "external",
"summary": "SUSE Bug 1126119 for CVE-2019-8906",
"url": "https://bugzilla.suse.com/1126119"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:file-5.32-lp150.6.3.1.i586",
"openSUSE Leap 15.0:file-5.32-lp150.6.3.1.x86_64",
"openSUSE Leap 15.0:file-devel-32bit-5.32-lp150.6.3.1.x86_64",
"openSUSE Leap 15.0:file-devel-5.32-lp150.6.3.1.i586",
"openSUSE Leap 15.0:file-devel-5.32-lp150.6.3.1.x86_64",
"openSUSE Leap 15.0:file-magic-5.32-lp150.6.3.1.noarch",
"openSUSE Leap 15.0:libmagic1-32bit-5.32-lp150.6.3.1.x86_64",
"openSUSE Leap 15.0:libmagic1-5.32-lp150.6.3.1.i586",
"openSUSE Leap 15.0:libmagic1-5.32-lp150.6.3.1.x86_64",
"openSUSE Leap 15.0:python2-magic-5.32-lp150.6.3.1.i586",
"openSUSE Leap 15.0:python2-magic-5.32-lp150.6.3.1.x86_64",
"openSUSE Leap 15.0:python3-magic-5.32-lp150.6.3.1.i586",
"openSUSE Leap 15.0:python3-magic-5.32-lp150.6.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.0:file-5.32-lp150.6.3.1.i586",
"openSUSE Leap 15.0:file-5.32-lp150.6.3.1.x86_64",
"openSUSE Leap 15.0:file-devel-32bit-5.32-lp150.6.3.1.x86_64",
"openSUSE Leap 15.0:file-devel-5.32-lp150.6.3.1.i586",
"openSUSE Leap 15.0:file-devel-5.32-lp150.6.3.1.x86_64",
"openSUSE Leap 15.0:file-magic-5.32-lp150.6.3.1.noarch",
"openSUSE Leap 15.0:libmagic1-32bit-5.32-lp150.6.3.1.x86_64",
"openSUSE Leap 15.0:libmagic1-5.32-lp150.6.3.1.i586",
"openSUSE Leap 15.0:libmagic1-5.32-lp150.6.3.1.x86_64",
"openSUSE Leap 15.0:python2-magic-5.32-lp150.6.3.1.i586",
"openSUSE Leap 15.0:python2-magic-5.32-lp150.6.3.1.x86_64",
"openSUSE Leap 15.0:python3-magic-5.32-lp150.6.3.1.i586",
"openSUSE Leap 15.0:python3-magic-5.32-lp150.6.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-03-23T11:15:50Z",
"details": "moderate"
}
],
"title": "CVE-2019-8906"
},
{
"cve": "CVE-2019-8907",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-8907"
}
],
"notes": [
{
"category": "general",
"text": "do_core_note in readelf.c in libmagic.a in file 5.35 allows remote attackers to cause a denial of service (stack corruption and application crash) or possibly have unspecified other impact.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:file-5.32-lp150.6.3.1.i586",
"openSUSE Leap 15.0:file-5.32-lp150.6.3.1.x86_64",
"openSUSE Leap 15.0:file-devel-32bit-5.32-lp150.6.3.1.x86_64",
"openSUSE Leap 15.0:file-devel-5.32-lp150.6.3.1.i586",
"openSUSE Leap 15.0:file-devel-5.32-lp150.6.3.1.x86_64",
"openSUSE Leap 15.0:file-magic-5.32-lp150.6.3.1.noarch",
"openSUSE Leap 15.0:libmagic1-32bit-5.32-lp150.6.3.1.x86_64",
"openSUSE Leap 15.0:libmagic1-5.32-lp150.6.3.1.i586",
"openSUSE Leap 15.0:libmagic1-5.32-lp150.6.3.1.x86_64",
"openSUSE Leap 15.0:python2-magic-5.32-lp150.6.3.1.i586",
"openSUSE Leap 15.0:python2-magic-5.32-lp150.6.3.1.x86_64",
"openSUSE Leap 15.0:python3-magic-5.32-lp150.6.3.1.i586",
"openSUSE Leap 15.0:python3-magic-5.32-lp150.6.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-8907",
"url": "https://www.suse.com/security/cve/CVE-2019-8907"
},
{
"category": "external",
"summary": "SUSE Bug 1126117 for CVE-2019-8907",
"url": "https://bugzilla.suse.com/1126117"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:file-5.32-lp150.6.3.1.i586",
"openSUSE Leap 15.0:file-5.32-lp150.6.3.1.x86_64",
"openSUSE Leap 15.0:file-devel-32bit-5.32-lp150.6.3.1.x86_64",
"openSUSE Leap 15.0:file-devel-5.32-lp150.6.3.1.i586",
"openSUSE Leap 15.0:file-devel-5.32-lp150.6.3.1.x86_64",
"openSUSE Leap 15.0:file-magic-5.32-lp150.6.3.1.noarch",
"openSUSE Leap 15.0:libmagic1-32bit-5.32-lp150.6.3.1.x86_64",
"openSUSE Leap 15.0:libmagic1-5.32-lp150.6.3.1.i586",
"openSUSE Leap 15.0:libmagic1-5.32-lp150.6.3.1.x86_64",
"openSUSE Leap 15.0:python2-magic-5.32-lp150.6.3.1.i586",
"openSUSE Leap 15.0:python2-magic-5.32-lp150.6.3.1.x86_64",
"openSUSE Leap 15.0:python3-magic-5.32-lp150.6.3.1.i586",
"openSUSE Leap 15.0:python3-magic-5.32-lp150.6.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.0:file-5.32-lp150.6.3.1.i586",
"openSUSE Leap 15.0:file-5.32-lp150.6.3.1.x86_64",
"openSUSE Leap 15.0:file-devel-32bit-5.32-lp150.6.3.1.x86_64",
"openSUSE Leap 15.0:file-devel-5.32-lp150.6.3.1.i586",
"openSUSE Leap 15.0:file-devel-5.32-lp150.6.3.1.x86_64",
"openSUSE Leap 15.0:file-magic-5.32-lp150.6.3.1.noarch",
"openSUSE Leap 15.0:libmagic1-32bit-5.32-lp150.6.3.1.x86_64",
"openSUSE Leap 15.0:libmagic1-5.32-lp150.6.3.1.i586",
"openSUSE Leap 15.0:libmagic1-5.32-lp150.6.3.1.x86_64",
"openSUSE Leap 15.0:python2-magic-5.32-lp150.6.3.1.i586",
"openSUSE Leap 15.0:python2-magic-5.32-lp150.6.3.1.x86_64",
"openSUSE Leap 15.0:python3-magic-5.32-lp150.6.3.1.i586",
"openSUSE Leap 15.0:python3-magic-5.32-lp150.6.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-03-23T11:15:50Z",
"details": "moderate"
}
],
"title": "CVE-2019-8907"
}
]
}
ghsa-gc52-2h3f-7mvf
Vulnerability from github
Published
2022-05-13 01:04
Modified
2022-05-13 01:04
Severity ?
VLAI Severity ?
Details
do_core_note in readelf.c in libmagic.a in file 5.35 has an out-of-bounds read because memcpy is misused.
{
"affected": [],
"aliases": [
"CVE-2019-8906"
],
"database_specific": {
"cwe_ids": [
"CWE-125"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-02-18T17:29:00Z",
"severity": "MODERATE"
},
"details": "do_core_note in readelf.c in libmagic.a in file 5.35 has an out-of-bounds read because memcpy is misused.",
"id": "GHSA-gc52-2h3f-7mvf",
"modified": "2022-05-13T01:04:41Z",
"published": "2022-05-13T01:04:41Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-8906"
},
{
"type": "WEB",
"url": "https://github.com/file/file/commit/2858eaf99f6cc5aae129bcbf1e24ad160240185f"
},
{
"type": "WEB",
"url": "https://bugs.astron.com/view.php?id=64"
},
{
"type": "WEB",
"url": "https://support.apple.com/kb/HT209599"
},
{
"type": "WEB",
"url": "https://support.apple.com/kb/HT209600"
},
{
"type": "WEB",
"url": "https://support.apple.com/kb/HT209601"
},
{
"type": "WEB",
"url": "https://support.apple.com/kb/HT209602"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/3911-1"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00027.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00053.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
"type": "CVSS_V3"
}
]
}
fkie_cve-2019-8906
Vulnerability from fkie_nvd
Published
2019-02-18 17:29
Modified
2024-11-21 04:50
Severity ?
Summary
do_core_note in readelf.c in libmagic.a in file 5.35 has an out-of-bounds read because memcpy is misused.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| file_project | file | 5.35 | |
| canonical | ubuntu_linux | 16.04 | |
| canonical | ubuntu_linux | 18.04 | |
| canonical | ubuntu_linux | 18.10 | |
| opensuse | leap | 15.0 | |
| opensuse | leap | 42.3 | |
| apple | iphone_os | * | |
| apple | mac_os_x | * | |
| apple | tvos | * | |
| apple | watchos | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:file_project:file:5.35:*:*:*:*:*:*:*",
"matchCriteriaId": "E0ABAAD8-0CD0-45B4-ABA4-A5FE24F00F20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*",
"matchCriteriaId": "07C312A0-CD2C-4B9C-B064-6409B25C278F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F1E78106-58E6-4D59-990F-75DA575BFAD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5F65DAB0-3DAD-49FF-BC73-3581CC3D5BF3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1531E802-5419-4B38-8C0C-BDCBC272648F",
"versionEndExcluding": "12.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
"matchCriteriaId": "09CDBB72-2A0D-4321-BA1F-4FB326A5646A",
"versionEndExcluding": "10.14.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "98912716-69F2-4372-98F0-BD6CCA9AAEB9",
"versionEndExcluding": "12.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8962A4FE-AE67-421E-9635-B03E2EBCDF19",
"versionEndExcluding": "5.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "do_core_note in readelf.c in libmagic.a in file 5.35 has an out-of-bounds read because memcpy is misused."
},
{
"lang": "es",
"value": "do_core_note en readelf.c en libmagic.a en la versi\u00f3n 5.35 de file tiene una lectura fuera de l\u00edmites debido a una mala utilizaci\u00f3n de memcpy."
}
],
"id": "CVE-2019-8906",
"lastModified": "2024-11-21T04:50:38.213",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 3.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 2.5,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-02-18T17:29:01.033",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00027.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00053.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugs.astron.com/view.php?id=64"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/file/file/commit/2858eaf99f6cc5aae129bcbf1e24ad160240185f"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://support.apple.com/kb/HT209599"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://support.apple.com/kb/HT209600"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://support.apple.com/kb/HT209601"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://support.apple.com/kb/HT209602"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3911-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00027.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00053.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugs.astron.com/view.php?id=64"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/file/file/commit/2858eaf99f6cc5aae129bcbf1e24ad160240185f"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://support.apple.com/kb/HT209599"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://support.apple.com/kb/HT209600"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://support.apple.com/kb/HT209601"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://support.apple.com/kb/HT209602"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3911-1/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
gsd-2019-8906
Vulnerability from gsd
Modified
2023-12-13 01:23
Details
do_core_note in readelf.c in libmagic.a in file 5.35 has an out-of-bounds read because memcpy is misused.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2019-8906",
"description": "do_core_note in readelf.c in libmagic.a in file 5.35 has an out-of-bounds read because memcpy is misused.",
"id": "GSD-2019-8906",
"references": [
"https://www.suse.com/security/cve/CVE-2019-8906.html",
"https://ubuntu.com/security/CVE-2019-8906",
"https://security.archlinux.org/CVE-2019-8906",
"https://alas.aws.amazon.com/cve/html/CVE-2019-8906.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2019-8906"
],
"details": "do_core_note in readelf.c in libmagic.a in file 5.35 has an out-of-bounds read because memcpy is misused.",
"id": "GSD-2019-8906",
"modified": "2023-12-13T01:23:48.199748Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-8906",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "do_core_note in readelf.c in libmagic.a in file 5.35 has an out-of-bounds read because memcpy is misused."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.astron.com/view.php?id=64",
"refsource": "MISC",
"url": "https://bugs.astron.com/view.php?id=64"
},
{
"name": "https://github.com/file/file/commit/2858eaf99f6cc5aae129bcbf1e24ad160240185f",
"refsource": "MISC",
"url": "https://github.com/file/file/commit/2858eaf99f6cc5aae129bcbf1e24ad160240185f"
},
{
"name": "openSUSE-SU-2019:0345",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00027.html"
},
{
"name": "USN-3911-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3911-1/"
},
{
"name": "https://support.apple.com/kb/HT209599",
"refsource": "CONFIRM",
"url": "https://support.apple.com/kb/HT209599"
},
{
"name": "https://support.apple.com/kb/HT209601",
"refsource": "CONFIRM",
"url": "https://support.apple.com/kb/HT209601"
},
{
"name": "https://support.apple.com/kb/HT209600",
"refsource": "CONFIRM",
"url": "https://support.apple.com/kb/HT209600"
},
{
"name": "https://support.apple.com/kb/HT209602",
"refsource": "CONFIRM",
"url": "https://support.apple.com/kb/HT209602"
},
{
"name": "openSUSE-SU-2019:1197",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00053.html"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:file_project:file:5.35:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "10.14.4",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "5.2",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "12.2",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "12.2",
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-8906"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "do_core_note in readelf.c in libmagic.a in file 5.35 has an out-of-bounds read because memcpy is misused."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/file/file/commit/2858eaf99f6cc5aae129bcbf1e24ad160240185f",
"refsource": "MISC",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/file/file/commit/2858eaf99f6cc5aae129bcbf1e24ad160240185f"
},
{
"name": "https://bugs.astron.com/view.php?id=64",
"refsource": "MISC",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugs.astron.com/view.php?id=64"
},
{
"name": "openSUSE-SU-2019:0345",
"refsource": "SUSE",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00027.html"
},
{
"name": "USN-3911-1",
"refsource": "UBUNTU",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3911-1/"
},
{
"name": "openSUSE-SU-2019:1197",
"refsource": "SUSE",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00053.html"
},
{
"name": "https://support.apple.com/kb/HT209602",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
],
"url": "https://support.apple.com/kb/HT209602"
},
{
"name": "https://support.apple.com/kb/HT209601",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
],
"url": "https://support.apple.com/kb/HT209601"
},
{
"name": "https://support.apple.com/kb/HT209600",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
],
"url": "https://support.apple.com/kb/HT209600"
},
{
"name": "https://support.apple.com/kb/HT209599",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
],
"url": "https://support.apple.com/kb/HT209599"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 3.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 2.5
}
},
"lastModifiedDate": "2021-12-09T19:44Z",
"publishedDate": "2019-02-18T17:29Z"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…