Updated file package fixes security vulnerability
Publication date: 22 Feb 2014Modification date: 22 Feb 2014
Type: security
Affected Mageia releases : 3 , 4
CVE: CVE-2014-1943
Description
It was discovered that file before 5.17 contains a flaw in the handling of "indirect" magic rules in the libmagic library, which leads to an infinite recursion when trying to determine the file type of certain files (CVE-2014-1943). Additionally, other well-crafted files might result in long computation times (while using 100% CPU) and overlong results. The affected packages have been patched to correct these flaws.
References
SRPMS
3/core
- file-5.12-8.1.mga3
4/core
- file-5.16-1.1.mga4