|
|
Log in / Subscribe / Register

Scientific Linux alert SLSA-2015:2155-7 (file)



From:
    	      Pat Riehecky <riehecky@fnal.gov> 


To:
    	      <scientific-linux-errata@listserv.fnal.gov> 


Subject:
    	      Security ERRATA Moderate: file on SL7.x x86_64 


Date:
    	      Mon, 21 Dec 2015 23:13:34 +0000


Message-ID:
    	      <20151221231334.7116.48087@slpackages.fnal.gov>


Synopsis:          Moderate: file security and bug fix update
Advisory ID:       SLSA-2015:2155-7
Issue Date:        2015-11-19
CVE Numbers:       CVE-2014-0238
                   CVE-2014-0237
                   CVE-2014-3480
                   CVE-2014-3479
                   CVE-2014-0207
                   CVE-2014-3487
                   CVE-2014-3587
                   CVE-2014-3538
                   CVE-2014-3478
                   CVE-2014-3710
                   CVE-2014-9652
                   CVE-2014-8116
                   CVE-2014-8117
                   CVE-2014-9653
--

Multiple denial of service flaws were found in the way file parsed certain
Composite Document Format (CDF) files. A remote attacker could use either
of these flaws to crash file, or an application using file, via a
specially crafted CDF file. (CVE-2014-0207, CVE-2014-0237, CVE-2014-0238,
CVE-2014-3479, CVE-2014-3480, CVE-2014-3487, CVE-2014-3587)

Two flaws were found in the way file processed certain Pascal strings. A
remote attacker could cause file to crash if it was used to identify the
type of the attacker-supplied file. (CVE-2014-3478, CVE-2014-9652)

Multiple flaws were found in the file regular expression rules for
detecting various files. A remote attacker could use these flaws to cause
file to consume an excessive amount of CPU. (CVE-2014-3538)

Multiple flaws were found in the way file parsed Executable and Linkable
Format (ELF) files. A remote attacker could use these flaws to cause file
to crash, disclose portions of its memory, or consume an excessive amount
of system resources. (CVE-2014-3710, CVE-2014-8116, CVE-2014-8117,
CVE-2014-9653)

The file packages have been updated to ensure correct operation on Power
little endian and ARM 64-bit hardware architectures.
--

SL7
  x86_64
    file-5.11-31.el7.x86_64.rpm
    file-debuginfo-5.11-31.el7.i686.rpm
    file-debuginfo-5.11-31.el7.x86_64.rpm
    file-libs-5.11-31.el7.i686.rpm
    file-libs-5.11-31.el7.x86_64.rpm
    file-devel-5.11-31.el7.i686.rpm
    file-devel-5.11-31.el7.x86_64.rpm
    file-static-5.11-31.el7.i686.rpm
    file-static-5.11-31.el7.x86_64.rpm
  noarch
    python-magic-5.11-31.el7.noarch.rpm

- Scientific Linux Development Team
to post comments


Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds