[SECURITY] [DLA 204-1] file security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 204-1] file security update
From: Christoph Biedl <debian.axhn@manchmal.in-ulm.de>
Date: Sun, 19 Apr 2015 15:06:12 +0200
Message-id: <[🔎] 1429448735@msgid.manchmal.in-ulm.de>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

Package        : file
Version        : 5.04-5+squeeze10
CVE ID         : CVE-2014-9653
Debian Bug     : 777585

This update fixes the following issue in the file package:

CVE-2014-9653

    readelf.c does not consider that pread calls sometimes read only
    a subset of the available data, which allows remote attackers to
    cause a denial of service (uninitialized memory access) or
    possibly have unspecified other impact via a crafted ELF file.

Attachment: signature.asc
Description: Digital signature

Reply to:

Prev by Date: [SECURITY] [DLA 203-1] openldap security update
Next by Date: [SECURITY] [DLA 205-1] ppp security update
Previous by thread: [SECURITY] [DLA 203-1] openldap security update
Next by thread: [SECURITY] [DLA 205-1] ppp security update
Index(es):
- Date
- Thread