Advisories ยป MGASA-2014-0282

Updated file packages fix security vulnerabilities

Publication date: 04 Jul 2014
Type: security
Affected Mageia releases : 3 , 4
CVE: CVE-2014-3478 , CVE-2014-3479 , CVE-2014-3480 , CVE-2014-3487

Description

A flaw was found in the way file parsed property information from Composite
Document Files (CDF) files, where the mconvert() function did not correctly
compute the truncated pascal string size (CVE-2014-3478).

Multiple flaws were found in the way file parsed property information from
Composite Document Files (CDF) files, due to insufficient boundary checks
on buffers (CVE-2014-3479, CVE-2014-3480, CVE-2014-3487).

Note: these issues were announced as part of the upstream PHP 5.4.30
release, as PHP bundles file's libmagic library. Their announcement also
references an issue in CDF file parsing, CVE-2014-0207, which was
previously fixed in the file package in MGASA-2014-0252, but was not
announced at that time.
                

References

SRPMS

4/core

3/core