Advisories ยป MGASA-2014-0123

Updated file packages fix CVE-2014-2270

Publication date: 07 Mar 2014
Type: security
Affected Mageia releases : 3 , 4
CVE: CVE-2014-2270

Description

Updated file packages fix security vulnerability:

A flaw was found in the way the file utility determined the type of Portable
Executable (PE) format files, the executable format used on Windows. A
malicious PE file could cause the file utility to crash or, potentially,
execute arbitrary code (CVE-2014-2270).

A memory leak in file has also been fixed.
                

References

SRPMS

4/core

3/core