[ubuntu/trusty-updates] file 1:5.14-2ubuntu3.4 (Accepted)

Ubuntu Archive Robot cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk
Thu Jun 14 13:28:10 UTC 2018


file (1:5.14-2ubuntu3.4) trusty-security; urgency=medium

  * SECURITY UPDATE: denial of service via large number of notes or long
    string
    - debian/patches/CVE-2014-962x-pre*.patch: backport pre-requisite code
      changes.
    - debian/patches/CVE-2014-962x-1.patch: add a limit to the number of
      ELF notes processed in doc/file.man, doc/libmagic.man,
      src/apprentice.c, src/elfclass.h, src/file.c, src/file.h,
      src/file_opts.h, src/magic.c, src/magic.h.in, src/readelf.c.
    - debian/patches/CVE-2014-962x-2.patch: limit string printing to 100
      chars, and add flags in src/readelf.c.
    - CVE-2014-9620
    - CVE-2014-9621
  * SECURITY UPDATE: denial of service via crafted ELF file
    - debian/patches/CVE-2014-9653.patch: bail out on partial reads in
      src/readelf.c.
    - CVE-2014-9653
  * SECURITY UPDATE: memory corruption in file_check_mem.
    - debian/patches/CVE-2015-8865.patch: properly calculate length in
      src/funcs.c.
    - CVE-2015-8865
  * SECURITY UPDATE: out-of-bounds read via crafted ELF file
    - debian/patches/CVE-2018-10360.patch: add bounds check to
      src/readelf.c.
    - CVE-2018-10360

Date: 2018-06-13 19:19:12.363327+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
Signed-By: Ubuntu Archive Robot <cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk>
https://launchpad.net/ubuntu/+source/file/1:5.14-2ubuntu3.4
-------------- next part --------------
Sorry, changesfile not available.


More information about the Trusty-changes mailing list