[SECURITY] [DLA 86-1] file security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 86-1] file security update
From: Christoph Biedl <debian.axhn@manchmal.in-ulm.de>
Date: Wed, 12 Nov 2014 17:17:29 +0100
Message-id: <[🔎] 1415809026@msgid.manchmal.in-ulm.de>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

Package        : file
Version        : 5.04-5+squeeze8
CVE ID         : CVE-2014-3710
Debian Bug     : 768806

Francisco Alonso of Red Hat Product Security found an issue in the file
utility: when checking ELF files, note headers are incorrectly checked,
thus potentially allowing attackers to cause a denial of service
(out-of-bounds read and application crash) by supplying a specially
crafted ELF file.

For the long-term stable distribution (squeeze-lts), this problem has been
fixed in version 5.04-5+squeeze8.

Attachment: signature.asc
Description: Digital signature

Reply to:

Prev by Date: [SECURITY] [DLA 85-1] libxml-security-java security update
Next by Date: [SECURITY] [DLA 87-1] dbus security update
Previous by thread: [SECURITY] [DLA 85-1] libxml-security-java security update
Next by thread: [SECURITY] [DLA 87-1] dbus security update
Index(es):
- Date
- Thread