Rapid7 Vulnerability & Exploit Database

RHSA-2014:1606: file security and bug fix update


Severity: 5
CVSS: (AV:N/AC:L/Au:N/C:N/I:N/A:P)
Published: 02/18/2014
Created: 07/25/2018
Added: 10/14/2014
Modified: 07/04/2017

Description

The "file" command is used to identify a particular file according to the type of data contained in the file. The command can identify various file types, including ELF binaries, system libraries, RPM packages, and different graphics formats.

Multiple denial of service flaws were found in the way file parsed certain Composite Document Format (CDF) files. A remote attacker could use either of these flaws to crash file, or an application using file, via a specially crafted CDF file. (CVE-2014-0237, CVE-2014-0238, CVE-2014-3479, CVE-2014-3480, CVE-2012-1571)

Two denial of service flaws were found in the way file handled indirect and search rules. A remote attacker could use either of these flaws to cause file, or an application using file, to crash or consume an excessive amount of CPU. (CVE-2014-1943, CVE-2014-2270)

This update also fixes the following bugs:

All file users are advised to upgrade to these updated packages, which contain backported patches to correct these issues.

Solution(s)

  • redhat-upgrade-file
  • redhat-upgrade-file-debuginfo
  • redhat-upgrade-file-devel
  • redhat-upgrade-file-libs
  • redhat-upgrade-file-static
  • redhat-upgrade-python-magic

