Updated file packages fix security vulnerabilities
Publication date: 19 Dec 2014Modification date: 19 Dec 2014
Type: security
Affected Mageia releases : 4
CVE: CVE-2014-8116 , CVE-2014-8117
Description
Updated file packages fix security vulnerabilities:
Thomas Jarosch of Intra2net AG reported that using the file command on a
specially-crafted ELF binary could lead to a denial of service due to
uncontrolled resource consumption (CVE-2014-8116).
Thomas Jarosch of Intra2net AG reported that using the file command on a
specially-crafted ELF binary could lead to a denial of service due to
uncontrolled recursion (CVE-2014-8117).
References
- https://bugs.mageia.org/show_bug.cgi?id=14818
- http://openwall.com/lists/oss-security/2014/12/16/2
- https://bugzilla.redhat.com/show_bug.cgi?id=1171580
- https://bugzilla.redhat.com/show_bug.cgi?id=1174606
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8116
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8117
SRPMS
4/core
- file-5.16-1.9.mga4