Re: [SECURITY] [DSA 3196-1] file security update
On 2015-03-18 20:58, Moritz Muehlenhoff wrote:
> Package : file
> CVE ID : CVE-2014-9653
>
> Hanno Boeck discovered that file's ELF parser
Actually, my patch for this issue was posted and accepted before Hanno
filed his bug report. MITRE got it right in their CVE assignment:
http://www.openwall.com/lists/oss-security/2015/02/05/13
> is susceptible to denial of service.
Is it really a DoS? Use of uninitialised values could lead to an
infoleak which could be important for php. But I haven't verified what
it does in php or if it can be triggered there at all.
--
Alexander Cherepanov