SB2015031603 - Gentoo update for file
Published: March 16, 2015 Updated: September 25, 2016
Description
This security bulletin contains information about 3 security vulnerabilities.
1) Out-of-bounds read (CVE-ID: CVE-2014-2270)
The vulnerability allows a remote attacker to cause a denial-of-service (DoS) condition.
The vulnerability exists due to an out-of-bounds read error in softmagic.c in file before 5.17 and libmagic. A remote attacker can trigger the out-of-bounds read via crafted offsets in the softmagic of a PE executable and cause the service to crash.
2) Resource management error (CVE-ID: CVE-2014-9620)
The vulnerability allows a remote non-authenticated attacker to cause a service disruption.
The ELF parser in file 5.08 through 5.21 allows remote attackers to cause a denial of service via a large number of notes.
3) Resource management error (CVE-ID: CVE-2014-9621)
The vulnerability allows a remote non-authenticated attacker to cause a service disruption.
The ELF parser in file 5.16 through 5.21 allows remote attackers to cause a denial of service via a long string.
Remediation
Install the update from the vendor's website.