[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 86-1] file security update

Package        : file
Version        : 5.04-5+squeeze8
CVE ID         : CVE-2014-3710
Debian Bug     : 768806

Francisco Alonso of Red Hat Product Security found an issue in the file
utility: when checking ELF files, note headers are incorrectly checked,
thus potentially allowing attackers to cause a denial of service
(out-of-bounds read and application crash) by supplying a specially
crafted ELF file.

For the long-term stable distribution (squeeze-lts), this problem has been
fixed in version 5.04-5+squeeze8.

Attachment: signature.asc
Description: Digital signature

Reply to: