[ubuntu/precise-updates] file 5.09-2ubuntu0.6 (Accepted)

Ubuntu Archive Robot cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk
Wed Feb 4 18:28:14 UTC 2015


file (5.09-2ubuntu0.6) precise-security; urgency=medium

  * SECURITY UPDATE: DoS via insufficient note headers
    - debian/patches/CVE-2014-3710.patch: handle running out of not headers
      in src/readelf.c.
    - CVE-2014-3710
  * SECURITY UPDATE: DoS in ELF parser
    - debian/patches/CVE-2014-8116.patch: limit number of headers and
      capabilities in src/elfclass.h, src/readelf.c.
    - CVE-2014-8116
  * SECURITY UPDATE: DoS via missing recursion limits
    - debian/patches/CVE-2014-8117.patch: lower recursion level and allow
      it to be set from the command line in src/file.{c,h},
      src/file_opts.h, src/funcs.c, src/magic.c, src/magic.h,
      src/softmagic.c, add new option to documentation in
      doc/file.man, doc/libmagic.man.
    - CVE-2014-8117
  * SECURITY UPDATE: DoS via long pascal strings
    - debian/patches/pr398-truncate-pascal-strings.patch: correctly
      calculate size in src/softmagic.c.
    - No CVE number

Date: 2015-01-27 15:46:12.369437+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
Signed-By: Ubuntu Archive Robot <cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk>
https://launchpad.net/ubuntu/+source/file/5.09-2ubuntu0.6
-------------- next part --------------
Sorry, changesfile not available.


More information about the Precise-changes mailing list