file-5.04-30.AXS4
Errata ID: AXSA:2016-325:01
The file command is used to identify a particular file according to the
type of data contained by the file. File can identify many different
file types, including ELF binaries, system libraries, RPM packages, and
different graphics formats.
Security issues fixed with this release:
CVE-2014-3538
file before 5.19 does not properly restrict the amount of data read
during a regex search, which allows remote attackers to cause a denial
of service (CPU consumption) via a crafted file that triggers
backtracking during processing of an awk rule. NOTE: this
vulnerability exists because of an incomplete fix for CVE-2013-7345.
CVE-2014-3587
Integer overflow in the cdf_read_property_info function in cdf.c in
file through 5.19, as used in the Fileinfo component in PHP before
5.4.32 and 5.5.x before 5.5.16, allows remote attackers to cause a
denial of service (application crash) via a crafted CDF file. NOTE:
this vulnerability exists because of an incomplete fix for
CVE-2012-1571.
CVE-2014-3710
The donote function in readelf.c in file through 5.20, as used in the
Fileinfo component in PHP 5.4.34, does not ensure that sufficient note
headers are present, which allows remote attackers to cause a denial
of service (out-of-bounds read and application crash) via a crafted
ELF file.
CVE-2014-8116
The ELF parser (readelf.c) in file before 5.21 allows remote attackers
to cause a denial of service (CPU consumption or crash) via a large
number of (1) program or (2) section headers or (3) invalid
capabilities.
CVE-2014-8117
softmagic.c in file before 5.21 does not properly limit recursion,
which allows remote attackers to cause a denial of service (CPU
consumption or crash) via unspecified vectors.
CVE-2014-9620
The ELF parser in file 5.08 through 5.21 allows remote attackers to
cause a denial of service via a large number of notes.
CVE-2014-9653
readelf.c in file before 5.22, as used in the Fileinfo component in
PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5, does
not consider that pread calls sometimes read only a subset of the
available data, which allows remote attackers to cause a denial of
service (uninitialized memory access) or possibly have unspecified
other impact via a crafted ELF file.
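The short-read condition described for CVE-2014-9653, shown as an added C example (not code from file or PHP): a read helper that loops until the requested length is filled and reports failure on early end-of-file, so a truncated header is rejected rather than parsed from a partly filled buffer. The names pread_full and demo_read_header, the 16-byte header size and the temporary sample file are assumptions made for this illustration.

```c
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Read exactly len bytes at off. Returns 0 on success, -1 on an I/O error or
 * EOF before len bytes, so callers never parse a partly filled buffer. */
static int pread_full(int fd, void *buf, size_t len, off_t off)
{
    unsigned char *p = buf;
    size_t done = 0;
    while (done < len) {
        ssize_t n = pread(fd, p + done, len - done, off + (off_t)done);
        if (n < 0 && errno == EINTR)
            continue;            /* interrupted: retry the same range */
        if (n <= 0)
            return -1;           /* error, or file ended before len bytes */
        done += (size_t)n;
    }
    return 0;
}

/* Constructed sample: a temp file of filelen bytes (max 32) from which a
 * hypothetical 16-byte header is read. Returns -2 if setup fails. */
static int demo_read_header(size_t filelen)
{
    char path[] = "/tmp/pread_demo_XXXXXX";
    unsigned char data[32], hdr[16];
    int fd = mkstemp(path), rc;
    if (fd < 0)
        return -2;
    unlink(path);
    memset(data, 0x41, sizeof data);
    if (filelen > sizeof data || write(fd, data, filelen) != (ssize_t)filelen) {
        close(fd);
        return -2;
    }
    rc = pread_full(fd, hdr, sizeof hdr, 0);
    close(fd);
    return rc;
}

int main(void)
{
    printf("full: %d, truncated: %d\n", demo_read_header(16), demo_read_header(8));
    return 0;
}
```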
Update packages.
SRPMS
- file-5.04-30.AXS4.src.rpm
MD5: 5033dc60c5804eb52b3c6a3aafa35ab0
SHA-256: dbb97270fe179dbb387b360c0c2a1af2917da334306c10354fb43e754ff8bd8e
Size: 681.05 kB
Asianux Server 4 for x86
- file-5.04-30.AXS4.i686.rpm
MD5: c819201f84b77a654ecaafbcbde5a580
SHA-256: 3119989a29e73e6d8e3170499cb28889df5e5cc05137e2d8ebaff23e69c1b18b
Size: 48.60 kB
- file-devel-5.04-30.AXS4.i686.rpm
MD5: 0df4650e80c09207b8bec18592b8dc4a
SHA-256: 96e61b4f24a9d17b289f35d5d5d0817f486ea311b513654d2460ff0e393d0d17
Size: 27.46 kB
- file-libs-5.04-30.AXS4.i686.rpm
MD5: 8f69583ae0b3380ddec7f0b38f488492
SHA-256: 4be64833917659eb23b978a755f3faaaaa4fce9516de37b06d920fbe36705973
Size: 319.27 kB
- python-magic-5.04-30.AXS4.i686.rpm
MD5: a7c939dc5c3e5e8e0997059205f5a614
SHA-256: 1b0b17e9d272087c105b02783826f68302cd53f25d6d881e2c93f9e712be9ce7
Size: 28.73 kB
Asianux Server 4 for x86_64
- file-5.04-30.AXS4.x86_64.rpm
MD5: b2de967ea1cdf17516b7cdf7d6d54d3e
SHA-256: 14527dcd65a15b91e6928bcff47a2de5f99a1c001c887e5b58fdc4098df9cb2a
Size: 48.34 kB
- file-devel-5.04-30.AXS4.x86_64.rpm
MD5: f0bf5691887c78f503797d6bc5e013b9
SHA-256: 43196fcc2946cde6687766b8ba775a82b071c0d5ab6e578b4722bfbd1cdabdbf
Size: 27.03 kB
- file-libs-5.04-30.AXS4.x86_64.rpm
MD5: 997f39b71e650dd05da4d25786801399
SHA-256: a383892244cfb48e75a64294949897232d78b5f8255bb93b9eac3a4c7cf882f8
Size: 315.82 kB
- python-magic-5.04-30.AXS4.x86_64.rpm
MD5: 7ca793400ab857b904a948f41054bd45
SHA-256: 5cb1e9de47acfeaf9ebece09f571ceedc89e7134c8b129f11941e95b690682f0
Size: 28.50 kB
- file-devel-5.04-30.AXS4.i686.rpm
MD5: 0df4650e80c09207b8bec18592b8dc4a
SHA-256: 96e61b4f24a9d17b289f35d5d5d0817f486ea311b513654d2460ff0e393d0d17
Size: 27.46 kB
- file-libs-5.04-30.AXS4.i686.rpm
MD5: 8f69583ae0b3380ddec7f0b38f488492
SHA-256: 4be64833917659eb23b978a755f3faaaaa4fce9516de37b06d920fbe36705973
Size: 319.27 kB