| Summary: | <sys-apps/file-5.17: infinite recursion (CVE-2014-1943) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | major | CC: | base-system |
| Priority: | Normal | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | https://bugzilla.redhat.com/show_bug.cgi?id=1065836 | | |
| Whiteboard: | A2 [glsa] | | |
| Package list: | | Runtime testing required: | --- |

Description
Agostino Sarubbo
2014-02-17 11:51:36 UTC
Arches please test and mark stable =sys-apps/file-5.17 with target KEYWORDS:
alpha amd64 arm arm64 hppa ia64 ~m68k ~mips ppc ppc64 ~s390 ~sh sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd

Stable for HPPA.

amd64 stable

arm stable

alpha stable

x86 stable

ppc64 stable

ppc stable

ia64 stable

CVE-2014-1943 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1943): Fine Free file before 5.17 allows context-dependent attackers to cause a denial of service (infinite recursion, CPU consumption, and crash) via a crafted indirect offset value in the magic of a file.

sparc stable.

Maintainer(s), please cleanup. Security, please add it to the existing request, or file a new one.

glsa request filed.

+ 22 Feb 2014; Lars Wendler <polynomial-c@gentoo.org> -file-5.15.ebuild, + -file-5.16.ebuild: + Removed vulnerable versions. +

This issue was resolved and addressed in GLSA 201403-03 at http://security.gentoo.org/glsa/glsa-201403-03.xml by GLSA coordinator Mikle Kolyada (Zlogene).