Ubuntu 14.04: 2278-1 Moderate: File Denial Of Service Issues
Jul 15, 2014
•
LinuxSecurity Advisories
1 - 2 min read
Topics Covered
File could be made to crash or hang if it processed specially crafted data.
=========================================================================Ubuntu Security Notice USN-2278-1 July 15, 2014 file vulnerabilities ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 14.04 LTS - Ubuntu 13.10 - Ubuntu 12.04 LTS - Ubuntu 10.04 LTS Summary: File could be made to crash or hang if it processed specially crafted data. Software Description: - file: Tool to determine file types Details: Mike Frysinger discovered that the file awk script detector used multiple wildcard with unlimited repetitions. An attacker could use this issue to cause file to consume resources, resulting in a denial of service. (CVE-2013-7345) Francisco Alonso discovered that file incorrectly handled certain CDF documents. A attacker could use this issue to cause file to hang or crash, resulting in a denial of service. (CVE-2014-0207, CVE-2014-3478, CVE-2014-3479, CVE-2014-3480, CVE-2014-3487) Jan Kaluža discovered that file did not properly restrict the amount of data read during regex searches. An attacker could use this issue to cause file to consume resources, resulting in a denial of service. (CVE-2014-3538) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 14.04 LTS: file 1:5.14-2ubuntu3.1 libmagic1 1:5.14-2ubuntu3.1 Ubuntu 13.10: file 5.11-2ubuntu4.3 libmagic1 5.11-2ubuntu4.3 Ubuntu 12.04 LTS: file 5.09-2ubuntu0.4 libmagic1 5.09-2ubuntu0.4 Ubuntu 10.04 LTS: file 5.03-5ubuntu1.3 libmagic1 5.03-5ubuntu1.3 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-2278-1 CVE-2013-7345, CVE-2014-0207, CVE-2014-3478, CVE-2014-3479, CVE-2014-3480, CVE-2014-3487, CVE-2014-3538 Package Information: https://launchpad.net/ubuntu/+source/file/1:5.14-2ubuntu3.1 https://launchpad.net/ubuntu/+source/file/5.11-2ubuntu4.3 https://launchpad.net/ubuntu/+source/file/5.09-2ubuntu0.4 https://launchpad.net/ubuntu/+source/file/5.03-5ubuntu1.3
PREVIOUS
NEXT
Ubuntu 14.04: 2278-1 Moderate: File Denial Of Service Issues
ubuntu
July 15, 2014
File could be made to crash or hang if it processed specially crafted data.
Summary
Topics Covered
Update Instructions
The problem can be corrected by updating your system to the following package versions: Ubuntu 14.04 LTS: file 1:5.14-2ubuntu3.1 libmagic1 1:5.14-2ubuntu3.1 Ubuntu 13.10: file 5.11-2ubuntu4.3 libmagic1 5.11-2ubuntu4.3 Ubuntu 12.04 LTS: file 5.09-2ubuntu0.4 libmagic1 5.09-2ubuntu0.4 Ubuntu 10.04 LTS: file 5.03-5ubuntu1.3 libmagic1 5.03-5ubuntu1.3 In general, a standard system update will make all the necessary changes.
References
https://ubuntu.com/security/notices/USN-2278-1
CVE-2013-7345, CVE-2014-0207, CVE-2014-3478, CVE-2014-3479,
CVE-2014-3480, CVE-2014-3487, CVE-2014-3538
July 15, 2014
Topics Covered
Package Information
https://launchpad.net/ubuntu/+source/file/1:5.14-2ubuntu3.1 https://launchpad.net/ubuntu/+source/file/5.11-2ubuntu4.3 https://launchpad.net/ubuntu/+source/file/5.09-2ubuntu0.4 https://launchpad.net/ubuntu/+source/file/5.03-5ubuntu1.3
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!