Summary: | <sys-apps/file-5.21: denial of service issue (resource consumption) (CVE-2014-{8116,8117}) | |
---|---|---|---
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago>
Component: | Vulnerabilities | Assignee: | Gentoo Security <security>
Status: | RESOLVED FIXED | |
Severity: | normal | CC: | base-system
Priority: | Normal | |
Version: | unspecified | |
Hardware: | All | |
OS: | Linux | |
URL: | http://www.openwall.com/lists/oss-security/2014/12/16/2 | |
See Also: | https://bugzilla.redhat.com/show_bug.cgi?id=1174606 | |
Whiteboard: | A3 [glsa] | |
Package list: | | Runtime testing required: | ---
Description
Agostino Sarubbo
Arches please test and mark stable =sys-apps/file-5.21 with target KEYWORDS: alpha amd64 arm ~arm64 hppa ia64 ~m68k ~mips ppc ppc64 ~s390 ~sh sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd

Stable for HPPA.

amd64 stable

x86 stable

alpha stable

arm stable

ppc stable

ppc64 stable

ia64 stable

sparc stable. Maintainer(s), please cleanup. Security, please add it to the existing request, or file a new one.

glsa drafted.

CVE-2014-8117 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8117): softmagic.c in file before 5.21 does not properly limit recursion, which allows remote attackers to cause a denial of service (CPU consumption or crash) via unspecified vectors.

CVE-2014-8116 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8116): The ELF parser (readelf.c) in file before 5.21 allows remote attackers to cause a denial of service (CPU consumption or crash) via a large number of (1) program or (2) section headers or (3) invalid capabilities.

This issue was resolved and addressed in GLSA 201412-48 at http://security.gentoo.org/glsa/glsa-201412-48.xml by GLSA coordinator Kristian Fiskerstrand (K_F).