Package name
file
Date
2014-07-09
Advisory ID
MDVSA-2014:131
Affected versions
MBS1 x86_64

Problem description

Updated file packages fix security vulnerabilities:

A flaw was found in the way file parsed property information from
Composite Document Files (CDF) files, where the mconvert() function did
not correctly compute the truncated pascal string size (CVE-2014-3478).

Multiple flaws were found in the way file parsed property information
from Composite Document Files (CDF) files, due to insufficient boundary
checks on buffers (CVE-2014-3479, CVE-2014-3480, CVE-2014-3487).

Note: these issues were announced as part of the upstream PHP 5.4.30
release, as PHP bundles file's libmagic library. Their announcement
also references an issue in CDF file parsing, CVE-2014-0207, which
was previously fixed in the file package in MGASA-2014-0252, but was
not announced at that time.

Updated packages

MBS1 x86_64

 8e1ee8abafa844ed407f0f0b7d9281ee  mbs1/x86_64/file-5.12-1.3.mbs1.x86_64.rpm
 021a9c59681a806162833049a01431fe  mbs1/x86_64/lib64magic1-5.12-1.3.mbs1.x86_64.rpm
 cee7091c00002276d3e6377f601f331f  mbs1/x86_64/lib64magic-devel-5.12-1.3.mbs1.x86_64.rpm
 eb0fdbb60d79014687c102681eec6cfd  mbs1/x86_64/lib64magic-static-devel-5.12-1.3.mbs1.x86_64.rpm
 5da77e303c85b116d20a34ab7fa76263  mbs1/x86_64/python-magic-5.12-1.3.mbs1.noarch.rpm 
 4b842d4eeff485db6e50cd120c56990b  mbs1/SRPMS/file-5.12-1.3.mbs1.src.rpm

References