Advisories » MGASA-2014-0092

Updated file package fixes security vulnerability

Publication date: 22 Feb 2014
Modification date: 22 Feb 2014
Type: security
Affected Mageia releases : 3 , 4
CVE: CVE-2014-1943

Description

It was discovered that file before 5.17 contains a flaw in the handling of
"indirect" magic rules in the libmagic library, which leads to an infinite
recursion when trying to determine the file type of certain files
(CVE-2014-1943).

Additionally, other well-crafted files might result in long computation times
(while using 100% CPU) and overlong results.

The affected packages have been patched to correct these flaws.
                

References

• https://bugs.mageia.org/show_bug.cgi?id=12807
• http://www.debian.org/security/2014/dsa-2861
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1943

SRPMS

3/core

• file-5.12-8.1.mga3

4/core

• file-5.16-1.1.mga4