[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: [SECURITY] [DSA 3021-1] file security update

Our system is not exposed via ssh and there is no way to pass an OS call through the PHP vulnerability side as we do not run PHP. The threat here is minimal. However, we do need to update a few of these, I would like to do an apt-get upgrade this Thursday to true up.  I will create a mops ticket to contain the pertinent info.  Our regular upgrade cycle will begin October 6th.

Inst file [5.11-2] (5.11-2+deb7u3 Debian:7.6/stable, Debian-Security:7.0/stable [amd64]) []


On Tue, Sep 9, 2014 at 8:10 AM, Luciano Bello <luciano@debian.org> wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3021-1                   security@debian.org
http://www.debian.org/security/                             Luciano Bello
September 09, 2014                     http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : file
CVE ID         : CVE-2014-0207 CVE-2014-0237 CVE-2014-0238 CVE-2014-3478
                 CVE-2014-3479 CVE-2014-3480 CVE-2014-3487 CVE-2014-3538
                 CVE-2014-3587

Multiple security issues have been found in file, a tool to determine
a file type. These vulnerabilities allow remote attackers to cause a
denial of service, via resource consumption or application crash.

For the stable distribution (wheezy), these problems have been fixed in
version 5.11-2+deb7u4.

For the testing distribution (jessie), these problems have been fixed in
version file 1:5.19-2.

For the unstable distribution (sid), these problems have been fixed in
version file 1:5.19-2.

We recommend that you upgrade your file packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQIcBAEBCAAGBQJUDvwUAAoJEG7C3vaP/jd0SDYP/AkzZ+8iuo3Vny9C57fW1nSD
62oc2VbWRmYGQj2fbpbrvfiYe4a00pRRHemEd1V4o5uP7NPX+HfiwhVrm38Pjs1f
A4A6yAOQaBtwjpSRcN9j9KsHNcx7wYYW+jFmOHF3VjkyejWUYnMy0sDvFP770ZrO
xHAbMnLr8RbS6MD9/ZRYkbZ9pfoDvwkeFLkODDTVOM7Ooy3ks3vAKFZdi/HM8aGO
nUH568f96j3EPxEEeu3VRe/3v8iqBuNnckDAkXNhbsFvN0ORbDCidiMDMv4VoaBS
x7O6RPxXy0NuvwVbaPzoXCIJnsOvS7F30e/4gULOYx+tjB9zq+ZY3tzEaCSzadOs
//cvvrL6E+SlNBHJK6OH6PdHCEWuqbMI1jtEFQrmfwTl7Qiv47lz8YGA0GIvOQCT
MMMb5aokOdc7aTkUn81aUwLNdea5Sh2OTyNaC4Tul4D3B0COF1I89ji79BAhWIyU
q5RmJq02piIn5SM8DCBDgftfgTZoz3YoEnGSQwyw29IU5/gpPfCXosbo7fxppDw0
e+wu9GSWes2ncCpLCQC8mB4q77WxMEpFLx7TVRqdwKgQb/yjZb5IN/OZhUWTMY5H
fqThWmJkyZBkPFspOalaid7/hSCrgxISjqxHJqDdChRDqYhV0KJG+eb+YFgDRIWw
fWpibn9fZ7yydgEb1Lmg
=fJPN
-----END PGP SIGNATURE-----


--
To UNSUBSCRIBE, email to debian-security-announce-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: https://lists.debian.org/6881440.HBSsWZmaxa@mybox




--

Adam Walter

Systems Administrator
P (402) 416.5790

Quickly connect to your potential borrowers with Mortech's Dialer.

Reply to: