File _patchinfo of Package patchinfo.7741
<patchinfo incident="7741">
<issue tracker="bnc" id="1096984">VUL-1: CVE-2018-10360: php5,php53,php7: The do_core_note function in readelf.c in libmagic.a in file 5.33 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted ELF file.</issue>
<issue tracker="bnc" id="1096974">VUL-1: CVE-2018-10360: file: The do_core_note function in readelf.c in libmagic.a in file 5.33 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted ELF file.</issue>
<issue id="1126119" tracker="bnc">VUL-0: CVE-2019-8906: file: out-of-bounds read do_core_note in readelf.c</issue>
<issue id="1126117" tracker="bnc">VUL-0: CVE-2019-8907: file: do_core_note in readelf.c in libmagic.a allows to cause a denial of service</issue>
<issue id="1126118" tracker="bnc">VUL-0: CVE-2019-8905: file: stack-based buffer over-read in do_core_note in readelf.c</issue>
<issue tracker="cve" id="2018-10360"/>
<issue tracker="cve" id="2019-8905"/>
<issue tracker="cve" id="2019-8907"/>
<issue tracker="cve" id="2019-8906"/>
<category>security</category>
<rating>moderate</rating>
<packager>WernerFink</packager>
<description>This update for file fixes the following issues:
The following security vulnerabilities were addressed:
- CVE-2018-10360: Fixed an out-of-bounds read in the function do_core_note in
readelf.c, which allowed remote attackers to cause a denial of service
(application crash) via a crafted ELF file (bsc#1096974)
- CVE-2019-8905: Fixed a stack-based buffer over-read in do_core_note in readelf.c
(bsc#1126118)
- CVE-2019-8906: Fixed an out-of-bounds read in do_core_note in readelf.c
(bsc#1126119)
- CVE-2019-8907: Fixed a stack corruption in do_core_note in readelf.c
(bsc#1126117)
</description>
<summary>Security update for file</summary>
</patchinfo>