RHSA-2014:1606: file security and bug fix update

Severity: 5
CVSS: (AV:N/AC:L/Au:N/C:N/I:N/A:P)
Published: February 18, 2014
Added: October 14, 2014
Modified: July 04, 2017

Description

The "file" command is used to identify a particular file according to the type of data contained in the file. The command can identify various file types, including ELF binaries, system libraries, RPM packages, and different graphics formats.

Multiple denial of service flaws were found in the way file parsed certain Composite Document Format (CDF) files. A remote attacker could use either of these flaws to crash file, or an application using file, via a specially crafted CDF file. (CVE-2014-0237, CVE-2014-0238, CVE-2014-3479, CVE-2014-3480, CVE-2012-1571)

Two denial of service flaws were found in the way file handled indirect and search rules. A remote attacker could use either of these flaws to cause file, or an application using file, to crash or consume an excessive amount of CPU. (CVE-2014-1943, CVE-2014-2270)

This update also fixes the following bugs:

All file users are advised to upgrade to these updated packages, which contain backported patches to correct these issues.

Solution

redhat-upgrade-file
