Paketname
file
Datum
2014-04-09
Advisory ID
MDVSA-2014:073
Betroffene Versionen
MBS1 x86_64

Problembeschreibung

Updated file packages fix security vulnerabilities:

The BEGIN regular expression in the awk script detector in
magic/Magdir/commands in file before 5.15 uses multiple wildcards
with unlimited repetitions, which allows context-dependent attackers
to cause a denial of service (CPU consumption) via a crafted ASCII
file that triggers a large amount of backtracking, as demonstrated
via a file with many newline characters (CVE-2013-7345).

Aktualisierte Pakete

MBS1 x86_64

 4b4561e9f1573586faf3e776a8f4fe74  mbs1/x86_64/file-5.12-1.1.mbs1.x86_64.rpm
 a0fe4f9fdc9139483ff2646c457457d0  mbs1/x86_64/lib64magic1-5.12-1.1.mbs1.x86_64.rpm
 23d2709d6591a1bf152803f31435d36a  mbs1/x86_64/lib64magic-devel-5.12-1.1.mbs1.x86_64.rpm
 69dc8737c1c20341a2f062ee382cfdf1  mbs1/x86_64/lib64magic-static-devel-5.12-1.1.mbs1.x86_64.rpm
 b73482de9b5c0d944c558ac4db1f26f9  mbs1/x86_64/python-magic-5.12-1.1.mbs1.noarch.rpm 
 436b242b459fa885153668f6cae2056f  mbs1/SRPMS/file-5.12-1.1.mbs1.src.rpm

Referenzen