Synopsis: Moderate: file security and bug fix update
Advisory ID: SLSA-2015:2155-7
Issue Date: 2015-11-19
CVE Numbers: CVE-2014-0238
CVE-2014-0237
CVE-2014-3480
CVE-2014-3479
CVE-2014-0207
CVE-2014-3487
CVE-2014-3587
CVE-2014-3538
CVE-2014-3478
CVE-2014-3710
CVE-2014-9652
CVE-2014-8116
CVE-2014-8117
CVE-2014-9653
—
Multiple denial of service flaws were found in the way file parsed certain
Composite Document Format (CDF) files. A remote attacker could use either
of these flaws to crash file, or an application using file, via a
specially crafted CDF file. (CVE-2014-0207, CVE-2014-0237, CVE-2014-0238,
CVE-2014-3479, CVE-2014-3480, CVE-2014-3487, CVE-2014-3587)
Two flaws were found in the way file processed certain Pascal strings. A
remote attacker could cause file to crash if it was used to identify the
type of the attacker-supplied file. (CVE-2014-3478, CVE-2014-9652)
Multiple flaws were found in the file regular expression rules for
detecting various files. A remote attacker could use these flaws to cause
file to consume an excessive amount of CPU. (CVE-2014-3538)
Multiple flaws were found in the way file parsed Executable and Linkable
Format (ELF) files. A remote attacker could use these flaws to cause file
to crash, disclose portions of its memory, or consume an excessive amount
of system resources. (CVE-2014-3710, CVE-2014-8116, CVE-2014-8117,
CVE-2014-9653)
The file packages have been updated to ensure correct operation on Power
little endian and ARM 64-bit hardware architectures.
—
SL7
x86_64
file-5.11-31.el7.x86_64.rpm
file-debuginfo-5.11-31.el7.i686.rpm
file-debuginfo-5.11-31.el7.x86_64.rpm
file-libs-5.11-31.el7.i686.rpm
file-libs-5.11-31.el7.x86_64.rpm
file-devel-5.11-31.el7.i686.rpm
file-devel-5.11-31.el7.x86_64.rpm
file-static-5.11-31.el7.i686.rpm
file-static-5.11-31.el7.x86_64.rpm
noarch
python-magic-5.11-31.el7.noarch.rpm
– Scientific Linux Development Team
