Debian Security Advisory

DLA-204-1 file -- LTS security update

Date Reported:
19 Apr 2015
Affected Packages:
file
Vulnerable:
Yes
Security database references:
In the Debian bugtracking system: Bug 777585.
In Mitre's CVE dictionary: CVE-2014-9653.
More information:

This update fixes the following issue in the file package:

  • CVE-2014-9653

    readelf.c does not consider that pread calls sometimes read only a subset of the available data, which allows remote attackers to cause a denial of service (uninitialized memory access) or possibly have unspecified other impact via a crafted ELF file.
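
The short-read condition described above, handled defensively, as an added example that is not part of this advisory and is not the file package's code or its actual fix. The names pread_exact, check_elf_ident and make_sample are hypothetical, and the sample files are constructed in a temporary directory assumed to be /tmp.

```c
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Read exactly len bytes at off, looping on short reads; 0 = ok, -1 = error or EOF. */
int pread_exact(int fd, void *buf, size_t len, off_t off)
{
    unsigned char *p = buf;
    size_t done = 0;
    while (done < len) {
        ssize_t n = pread(fd, p + done, len - done, off + (off_t)done);
        if (n < 0 && errno == EINTR)
            continue;
        if (n <= 0)              /* I/O error, or the file ends early */
            return -1;
        done += (size_t)n;
    }
    return 0;
}

/* 1 = ELF magic present, 0 = other file type, -1 = header incomplete. */
int check_elf_ident(int fd)
{
    unsigned char ident[16];     /* EI_NIDENT bytes of e_ident */
    if (pread_exact(fd, ident, sizeof ident, 0) != 0)
        return -1;               /* ident[] is never inspected when short */
    return memcmp(ident, "\177ELF", 4) == 0;
}

int make_sample(const void *data, size_t n)
{
    char path[] = "/tmp/elfdemoXXXXXX";   /* constructed sample, unlinked */
    int fd = mkstemp(path);
    if (fd >= 0) {
        unlink(path);
        if (write(fd, data, n) != (ssize_t)n) { close(fd); fd = -1; }
    }
    return fd;
}

int main(void)
{
    const unsigned char hdr[16] = { 0x7f, 'E', 'L', 'F', 2, 1, 1 };
    int full = make_sample(hdr, 16), cut = make_sample(hdr, 10);
    printf("full=%d truncated=%d\n", check_elf_ident(full), check_elf_ident(cut));
    return 0;
}
```

A caller that ignored pread's return value would go on to parse the 16-byte buffer of the truncated sample even though only 10 bytes of it were written; here that case is rejected before any byte is examined.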