Advisories » MGASA-2014-0123

Updated file packages fix CVE-2014-2270

Publication date: 07 Mar 2014
Modification date: 07 Mar 2014
Type: security
Affected Mageia releases : 3 , 4
CVE: CVE-2014-2270

Description

Updated file packages fix security vulnerability:

A flaw was found in the way the file utility determined the type of Portable
Executable (PE) format files, the executable format used on Windows. A
malicious PE file could cause the file utility to crash or, potentially,
execute arbitrary code (CVE-2014-2270).

A memory leak in file has also been fixed.
                

References

• https://bugzilla.redhat.com/show_bug.cgi?id=1072220
• http://openwall.com/lists/oss-security/2014/03/05/7
• https://github.com/file/file/commit/c0c0032b9e9eb57b91fefef905a3b018bab492d9
• https://bugs.mageia.org/show_bug.cgi?id=12944
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2270

SRPMS

3/core

• file-5.12-8.2.mga3

4/core

• file-5.16-1.2.mga4