Advisories ยป MGASA-2014-0092

Updated file package fixes security vulnerability

Publication date: 22 Feb 2014
Type: security
Affected Mageia releases : 3 , 4
CVE: CVE-2014-1943

Description

It was discovered that file before 5.17 contains a flaw in the handling of
"indirect" magic rules in the libmagic library, which leads to an infinite
recursion when trying to determine the file type of certain files
(CVE-2014-1943).

Additionally, other well-crafted files might result in long computation times
(while using 100% CPU) and overlong results.

The affected packages have been patched to correct these flaws.
                

References

SRPMS

4/core

3/core