Scientific Linux SL6.x: SLSA-2016:0760-1 Moderate File Security Advisory

Date: Wed, 8 Jun 2016 21:00:33 -0000
Reply-To: scientific-linux-users@
Sender: Security Errata for Scientific Linux
 
From: Kevin Hill 
Subject: Security ERRATA Moderate: file on SL6.x i386/x86_64
MIME-Version: 1.0
Message-ID: <20160608210033.26733.75293@slpackages.fnal.gov>

Synopsis: Moderate: file security, bug fix, and enhancement update
Advisory ID: SLSA-2016:0760-1
Issue Date: 2016-05-10
CVE Numbers: CVE-2014-3587
 CVE-2014-3538
 CVE-2014-3710
 CVE-2014-8116
 CVE-2014-8117
 CVE-2014-9653
 CVE-2014-9620
--

Security Fix(es):

* Multiple flaws were found in the file regular expression rules for
detecting various files. A remote attacker could use these flaws to cause
file to consume an excessive amount of CPU. (CVE-2014-3538)

* A denial of service flaw was found in the way file parsed certain
Composite Document Format (CDF) files. A remote attacker could use this
flaw to crash file via a specially crafted CDF file. (CVE-2014-3587)

* Multiple flaws were found in the way file parsed Executable and Linkable
Format (ELF) files. A remote attacker could use these flaws to cause file
to crash, disclose portions of its memory, or consume an excessive amount
of system resources. (CVE-2014-3710, CVE-2014-8116, CVE-2014-8117,
CVE-2014-9620, CVE-2014-9653)
--

SL6
 x86_64
 file-5.04-30.el6.x86_64.rpm
 file-debuginfo-5.04-30.el6.i686.rpm
 file-debuginfo-5.04-30.el6.x86_64.rpm
 file-libs-5.04-30.el6.i686.rpm
 file-libs-5.04-30.el6.x86_64.rpm
 python-magic-5.04-30.el6.x86_64.rpm
 file-devel-5.04-30.el6.i686.rpm
 file-devel-5.04-30.el6.x86_64.rpm
 file-static-5.04-30.el6.x86_64.rpm
 i386
 file-5.04-30.el6.i686.rpm
 file-debuginfo-5.04-30.el6.i686.rpm
 file-libs-5.04-30.el6.i686.rpm
 python-magic-5.04-30.el6.i686.rpm
 file-devel-5.04-30.el6.i686.rpm
 file-static-5.04-30.el6.i686.rpm

- Scientific Linux Development Team