Advisories ยป MGASA-2014-0307

Updated file packages fix security vulnerability

Publication date: 05 Aug 2014
Type: security
Affected Mageia releases : 3 , 4
CVE: CVE-2014-3538

Description

file before 5.19 does not properly restrict the amount of data read during
a regex search, which allows remote attackers to cause a denial of service
(CPU consumption) via a crafted file that triggers backtracking during
processing of an awk rule, due to an incomplete fix for CVE-2013-7345
(CVE-2014-3538).

The Mageia 3 update also fixes a possible crash in softmagic.c due to an
improperly rediffed patch for a memory leak in a previous update (mga#13701).
                

References

SRPMS

3/core

4/core