Advisories » MGASA-2014-0354

Updated file packages fix CVE-2014-3587

Publication date: 26 Aug 2014
Modification date: 26 Aug 2014
Type: security
Affected Mageia releases : 3 , 4
CVE: CVE-2014-3587

Description

Updated file packages fix security vulnerability:

A flaw was found in the way file uses cdf_read_property_info function when
checks stream offsets for certain Composite Document Format (CDF). An
insufficient input validation flaw for p and q minimal and maximal value,
leads to a pointer overflow. This issue only affects 32bit systems
(CVE-2014-3587).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=13985
• https://lists.fedoraproject.org/pipermail/package-announce/2014-August/136989.html
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3587

SRPMS

4/core

• file-5.16-1.6.mga4

3/core

• file-5.12-8.7.mga3