file-5.04-21.AXS4
Errata ID: AXSA:2014-614:01
Description:
The file command is used to identify a particular file according to the
type of data contained by the file. File can identify many different
file types, including ELF binaries, system libraries, RPM packages, and
different graphics formats.
Security issues fixed with this release:
CVE-2012-1571
file before 5.11 and libmagic allow remote attackers to cause a denial of service (crash) via a crafted Composite Document File (CDF) file that triggers (1) an out-of-bounds read or (2) an invalid pointer dereference.
CVE-2014-0237
The cdf_unpack_summary_info function in cdf.c in the Fileinfo component in PHP before 5.4.29 and 5.5.x before 5.5.13 allows remote attackers to cause a denial of service (performance degradation) by triggering many file_printf calls.
CVE-2014-0238
The cdf_read_property_info function in cdf.c in the Fileinfo component in PHP before 5.4.29 and 5.5.x before 5.5.13 allows remote attackers to cause a denial of service (infinite loop or out-of-bounds memory access) via a vector that (1) has zero length or (2) is too long.
CVE-2014-1943
Fine Free file before 5.17 allows context-dependent attackers to cause a denial of service (infinite recursion, CPU consumption, and crash) via a crafted indirect offset value in the magic of a file.
CVE-2014-2270
softmagic.c in file before 5.17 and libmagic allows context-dependent attackers to cause a denial of service (out-of-bounds memory access and crash) via crafted offsets in the softmagic of a PE executable.
CVE-2014-3479
The cdf_check_stream_offset function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, relies on incorrect sector-size data, which allows remote attackers to cause a denial of service (application crash) via a crafted stream offset in a CDF file.
CVE-2014-3480
The cdf_count_chain function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, does not properly validate sector-count data, which allows remote attackers to cause a denial of service (application crash) via a crafted CDF file.
Fixed bugs:
This update contains a number of bug fixes and enhancements over the previous version.
Please see the changelog for more information.
Update package.
SRPMS
- file-5.04-21.AXS4.src.rpm
MD5: b4a647614eeb286f9c8f10ddd9f10bac
SHA-256: ceb52926ab884c9808c36c7536e5b4fb97d7f27182744064c88bea845e500d4c
Size: 668.15 kB
Asianux Server 4 for x86
- file-5.04-21.AXS4.i686.rpm
MD5: e4f02ccc08ce986610bd595f121a0d59
SHA-256: e525d3f3528c93b2f5592cf549118f15a2b98e719d4ff10f5ceb265c0d76ad6e
Size: 46.77 kB
- file-devel-5.04-21.AXS4.i686.rpm
MD5: 52449ed65072ad4a02645bcf31e03c90
SHA-256: cb0dac702ba32a06804d92ba82d999ca45c15276c3e2eaf879140a3a0448efac
Size: 25.63 kB
- file-libs-5.04-21.AXS4.i686.rpm
MD5: b2f52632fdaa6337f97207eb9b7a9fc5
SHA-256: f4ba08e87cf74f493b3e4c3acfcff205c0ef80a5636cfafc443bbddca9487a07
Size: 315.26 kB
- python-magic-5.04-21.AXS4.i686.rpm
MD5: 108ec790e31ff0c9cede922c32338e7a
SHA-256: ce3f0621e6609d4c01e1ba44a539c279dc4651dbd5d70f7d15d3f0069c468d80
Size: 26.89 kB
Asianux Server 4 for x86_64
- file-5.04-21.AXS4.x86_64.rpm
MD5: 278726f5bc73918b6c37ee29a5f4ae16
SHA-256: 32067c133b26e0e2ceec2268c459446aeda982b36f8f7075ade722ea9dcf5524
Size: 46.50 kB
- file-devel-5.04-21.AXS4.x86_64.rpm
MD5: 1c07e337e91469e4030eba407a42d1ee
SHA-256: 5cd06eb24bce7ab75e35db43306a48010ee985ba949387e7644b773e1ebcce4b
Size: 25.20 kB
- file-libs-5.04-21.AXS4.x86_64.rpm
MD5: 147be6602233c08de5bdc7ab88559a80
SHA-256: a468298d0f324c8b482aea701a4524578e5100ce7eb44e1ca3fc8ba6c8d12086
Size: 312.50 kB
- python-magic-5.04-21.AXS4.x86_64.rpm
MD5: 6edd9157cf793c3a1aa671cb729e8a09
SHA-256: 16e134f03bd8f8cd577f522d4fbaad79083d421b106c223adc488d2a2860b368
Size: 26.66 kB
- file-devel-5.04-21.AXS4.i686.rpm
MD5: 52449ed65072ad4a02645bcf31e03c90
SHA-256: cb0dac702ba32a06804d92ba82d999ca45c15276c3e2eaf879140a3a0448efac
Size: 25.63 kB
- file-libs-5.04-21.AXS4.i686.rpm
MD5: b2f52632fdaa6337f97207eb9b7a9fc5
SHA-256: f4ba08e87cf74f493b3e4c3acfcff205c0ef80a5636cfafc443bbddca9487a07
Size: 315.26 kB