Advisories » MGASA-2014-0537

Updated file packages fix security vulnerabilities

Publication date: 19 Dec 2014
Modification date: 19 Dec 2014
Type: security
Affected Mageia releases : 4
CVE: CVE-2014-8116 , CVE-2014-8117

Description

Updated file packages fix security vulnerabilities:

Thomas Jarosch of Intra2net AG reported that using the file command on a
specially-crafted ELF binary could lead to a denial of service due to
uncontrolled resource consumption (CVE-2014-8116).

Thomas Jarosch of Intra2net AG reported that using the file command on a
specially-crafted ELF binary could lead to a denial of service due to
uncontrolled recursion (CVE-2014-8117).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=14818
• http://openwall.com/lists/oss-security/2014/12/16/2
• https://bugzilla.redhat.com/show_bug.cgi?id=1171580
• https://bugzilla.redhat.com/show_bug.cgi?id=1174606
• https://www.cve.org/CVERecord?id=CVE-2014-8116
• https://www.cve.org/CVERecord?id=CVE-2014-8117

SRPMS

4/core

• file-5.16-1.9.mga4