The "file" command is used to identify a particular file according to thetype of data contained in the file. The command can identify various filetypes, including ELF binaries, system libraries, RPM packages, anddifferent graphics formats.Multiple denial of service flaws were found in the way file parsed certainComposite Document Format (CDF) files. A remote attacker could use eitherof these flaws to crash file, or an application using file, via a speciallycrafted CDF file. (CVE-2014-0237, CVE-2014-0238, CVE-2014-3479,CVE-2014-3480, CVE-2012-1571)Two denial of service flaws were found in the way file handled indirect andsearch rules. A remote attacker could use either of these flaws to causefile, or an application using file, to crash or consume an excessive amountof CPU. (CVE-2014-1943, CVE-2014-2270)This update also fixes the following bugs:All file users are advised to upgrade to these updated packages, whichcontain backported patches to correct these issues.