MGASA-2014-0307

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2014-0307.html

Import Source

https://advisories.mageia.org/MGASA-2014-0307.json

JSON Data

https://api.test.osv.dev/v1/vulns/MGASA-2014-0307

Related

CVE-2014-3538

Published

2014-08-05T20:08:48Z

Modified

2014-08-05T19:31:49Z

Summary

Updated file packages fix security vulnerability

Details

file before 5.19 does not properly restrict the amount of data read during a regex search, which allows remote attackers to cause a denial of service (CPU consumption) via a crafted file that triggers backtracking during processing of an awk rule, due to an incomplete fix for CVE-2013-7345 (CVE-2014-3538).

The Mageia 3 update also fixes a possible crash in softmagic.c due to an improperly rediffed patch for a memory leak in a previous update (mga#13701).

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:4 / file

Package

Name: file
Purl: pkg:rpm/mageia/file?distro=mageia-4

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.16-1.5.mga4

Ecosystem specific

{
    "section": "core"
}

Mageia:3 / file

Package

Name: file
Purl: pkg:rpm/mageia/file?distro=mageia-3

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.12-8.6.mga3

Ecosystem specific

{
    "section": "core"
}