Mageia alert MGASA-2014-0123 (file)


From:
    	       Mageia Updates <buildsystem-daemon@mageia.org> 
To:
    	       updates-announce@ml.mageia.org 
Subject:
    	       [updates-announce] MGASA-2014-0123: Updated file packages fix CVE-2014-2270 
Date:
    	       Fri, 7 Mar 2014 15:18:53 +0100
Message-ID:
    	       <20140307141853.1EF4858FB1@valstar.mageia.org>
MGASA-2014-0123 - Updated file packages fix CVE-2014-2270

Publication date: 07 Mar 2014
URL: http://advisories.mageia.org/MGASA-2014-0123.html

Type: security
Affected Mageia releases: 3, 4
CVE: CVE-2014-2270

Description:
Updated file packages fix security vulnerability:

A flaw was found in the way the file utility determined the type of Portable
Executable (PE) format files, the executable format used on Windows. A
malicious PE file could cause the file utility to crash or, potentially,
execute arbitrary code (CVE-2014-2270).

A memory leak in file has also been fixed.

References:
- https://bugzilla.redhat.com/show_bug.cgi?id=1072220

- http://openwall.com/lists/oss-security/2014/03/05/7

- https://github.com/file/file/commit/c0c0032b9e9eb57b91fef...
- https://bugs.mageia.org/show_bug.cgi?id=12944

- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2270


SRPMS:
- 4/core/file-5.16-1.2.mga4
- 3/core/file-5.12-8.2.mga3

From:		Mageia Updates <buildsystem-daemon@mageia.org>
To:		updates-announce@ml.mageia.org
Subject:		[updates-announce] MGASA-2014-0123: Updated file packages fix CVE-2014-2270
Date:		Fri, 7 Mar 2014 15:18:53 +0100
Message-ID:		<20140307141853.1EF4858FB1@valstar.mageia.org>