Package "file"
Name: file
Description: Determines file type using "magic" numbers
Latest version: 1:5.14-2ubuntu3.4
Release: trusty (14.04)
Level: updates
Repository: main
Homepage: http://www.darwinsys.com/file/
Changelog
file (1:5.14-2ubuntu3.4) trusty-security; urgency=medium

  * SECURITY UPDATE: denial of service via large number of notes or long
    string
    - debian/patches/CVE-2014-962x-pre*.patch: backport pre-requisite code
      changes.
    - debian/patches/CVE-2014-962x-1.patch: add a limit to the number of
      ELF notes processed in doc/file.man, doc/libmagic.man,
      src/apprentice.c, src/elfclass.h, src/file.c, src/file.h,
      src/file_opts.h, src/magic.c, src/magic.h.in, src/readelf.c.
    - debian/patches/CVE-2014-962x-2.patch: limit string printing to 100
      chars, and add flags in src/readelf.c.
    - CVE-2014-9620
    - CVE-2014-9621
  * SECURITY UPDATE: denial of service via crafted ELF file
    - debian/patches/CVE-2014-9653.patch: bail out on partial reads in
      src/readelf.c.
    - CVE-2014-9653
  * SECURITY UPDATE: memory corruption in file_check_mem.
    - debian/patches/CVE-2015-8865.patch: properly calculate length in
      src/funcs.c.
    - CVE-2015-8865
  * SECURITY UPDATE: out-of-bounds read via crafted ELF file
    - debian/patches/CVE-2018-10360.patch: add bounds check to
      src/readelf.c.
    - CVE-2018-10360

 -- Marc Deslauriers <email address hidden> Wed, 13 Jun 2018 14:45:30 -0400
CVE-2014-9620: The ELF parser in file 5.08 through 5.21 allows remote attackers to cause a denial of service via a large number of notes.
CVE-2014-9621: The ELF parser in file 5.16 through 5.21 allows remote attackers to cause a denial of service via a long string.
CVE-2014-9653: readelf.c in file before 5.22, as used in the Fileinfo component in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5, does not consider
CVE-2015-8865: The file_check_mem function in funcs.c in file before 5.23, as used in the Fileinfo component in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x befo
CVE-2018-10360: The do_core_note function in readelf.c in libmagic.a in file 5.33 allows remote attackers to cause a denial of service (out-of-bounds read and applic

file (1:5.14-2ubuntu3.3) trusty-security; urgency=medium

  * SECURITY UPDATE: DoS via insufficient note headers
    - debian/patches/CVE-2014-3710.patch: handle running out of note headers
      in src/readelf.c.
    - CVE-2014-3710
  * SECURITY UPDATE: DoS in ELF parser
    - debian/patches/CVE-2014-8116.patch: limit number of headers and
      capabilities in src/elfclass.h, src/readelf.c.
    - CVE-2014-8116
  * SECURITY UPDATE: DoS via missing recursion limits
    - debian/patches/CVE-2014-8117.patch: lower recursion level and allow
      it to be set from the command line in src/apprentice.c, src/file.c,
      src/file.h, src/file_opts.h, src/funcs.c, src/magic.c,
      src/magic.h.in, src/softmagic.c, add new option to documentation in
      doc/file.man, doc/libmagic.man.
    - CVE-2014-8117
  * SECURITY UPDATE: DoS via long pascal strings
    - debian/patches/pr398-truncate-pascal-strings.patch: correctly
      calculate size in src/softmagic.c.
    - No CVE number
  * debian/libmagic1.symbols: added new symbols

 -- Marc Deslauriers <email address hidden> Tue, 27 Jan 2015 09:23:18 -0500
CVE-2014-3710: out-of-bounds read in elf note headers
CVE-2014-8116: The ELF parser (readelf.c) in file before 5.21 allows remote attackers to cause a denial of service (CPU consumption or crash) via a large number of
CVE-2014-8117: softmagic.c in file before 5.21 does not properly limit recursion, which allows remote attackers to cause a denial of service (CPU consumption or cra

file (1:5.14-2ubuntu3.2) trusty-security; urgency=medium

  * SECURITY UPDATE: buffer underflow in CDF file identification
    - debian/patches/CVE-2014-3587.patch: modify src/cdf.c to detect and
      abort on buffer underflows.
    - CVE-2014-3587

 -- Seth Arnold <email address hidden> Wed, 27 Aug 2014 23:33:26 -0700
CVE-2014-3587: Integer overflow in the cdf_read_property_info function in cdf.c in ...

file (1:5.14-2ubuntu3.1) trusty-security; urgency=medium

  * SECURITY UPDATE: denial of service via awk rule backtracking
    - debian/patches/CVE-2013-7345.patch: limit to 100 repetitions in
      magic/Magdir/commands.
    - CVE-2013-7345
  * SECURITY UPDATE: denial of service in cdf_read_short_sector
    - debian/patches/CVE-2014-0207.patch: properly calculate sizes in
      src/cdf.c.
    - CVE-2014-0207
  * SECURITY UPDATE: denial of service in mconvert
    - debian/patches/CVE-2014-3478.patch: properly handle truncated pascal
      string size in src/softmagic.c.
    - CVE-2014-3478
  * SECURITY UPDATE: denial of service in cdf_check_stream_offset
    - debian/patches/CVE-2014-3479.patch: properly calculate sizes in
      src/cdf.c.
    - CVE-2014-3479
  * SECURITY UPDATE: denial of service in cdf_count_chain
    - debian/patches/CVE-2014-3480.patch: properly calculate sizes in
      src/cdf.c.
    - CVE-2014-3480
  * SECURITY UPDATE: denial of service in cdf_read_property_info
    - debian/patches/CVE-2014-3487.patch: properly calculate sizes in
      src/cdf.c.
    - CVE-2014-3487
  * SECURITY UPDATE: denial of service via awk rule backtracking
    - debian/patches/CVE-2014-3538.patch: allow specifying lengths for
      regex in src/apprentice.c, src/file.h, src/softmagic.c, adjust
      existing expressions in magic/Magdir/commands, magic/Magdir/fortran,
      magic/Magdir/graphviz, magic/Magdir/marc21, magic/Magdir/scientific,
      magic/Magdir/troff, update manpage in doc/magic.man.
    - CVE-2014-3538
  * debian/patches/commands-strength.patch: reduce strength of awk rule so
    it doesn't get priority over perl scripts.

 -- Marc Deslauriers <email address hidden> Thu, 10 Jul 2014 09:40:56 -0400
CVE-2013-7345: The BEGIN regular expression in the awk script detector in ...
CVE-2014-0207: cdf_read_short_sector insufficient boundary check
CVE-2014-3478: mconvert incorrect handling of truncated pascal string size
CVE-2014-3479: cdf_check_stream_offset insufficient boundary check
CVE-2014-3480: cdf_count_chain insufficient boundary check
CVE-2014-3487: cdf_read_property_info insufficient boundary check
CVE-2014-3538: file before 5.19 does not properly restrict the amount of data read ...