[SECURITY] [DSA 3021-1] file security update

2014-09-0913:10:59

lists.debian.org

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

10 High

AI Score

Confidence

High

0.157 Low

EPSS

Percentile

96.0%

JSON

Debian Security Advisory DSA-3021-1 [email protected]
http://www.debian.org/security/ Luciano Bello
September 09, 2014 http://www.debian.org/security/faq

Package : file
CVE ID : CVE-2014-0207 CVE-2014-0237 CVE-2014-0238 CVE-2014-3478
CVE-2014-3479 CVE-2014-3480 CVE-2014-3487 CVE-2014-3538
CVE-2014-3587

Multiple security issues have been found in file, a tool to determine
a file type. These vulnerabilities allow remote attackers to cause a
denial of service, via resource consumption or application crash.

For the stable distribution (wheezy), these problems have been fixed in
version 5.11-2+deb7u4.

For the testing distribution (jessie), these problems have been fixed in
version file 1:5.19-2.

For the unstable distribution (sid), these problems have been fixed in
version file 1:5.19-2.

We recommend that you upgrade your file packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: [email protected]

OSVersionArchitecturePackageVersionFilename
Debian7s390xphp5-cgi< 5.4.4-14+deb7u12php5-cgi_5.4.4-14+deb7u12_s390x.deb
Debian7sparcphp5-recode< 5.4.4-14+deb7u12php5-recode_5.4.4-14+deb7u12_sparc.deb
Debian7kfreebsd-amd64python-magic< 5.11-2+deb7u4python-magic_5.11-2+deb7u4_kfreebsd-amd64.deb
Debian7armelphp5-sybase< 5.4.4-14+deb7u12php5-sybase_5.4.4-14+deb7u12_armel.deb
Debian7s390php5-tidy< 5.4.4-14+deb7u12php5-tidy_5.4.4-14+deb7u12_s390.deb
Debian7i386libapache2-mod-php5filter< 5.4.4-14+deb7u12libapache2-mod-php5filter_5.4.4-14+deb7u12_i386.deb
Debian7armelphp5-pspell< 5.4.4-14+deb7u12php5-pspell_5.4.4-14+deb7u12_armel.deb
Debian7mipslibphp5-embed< 5.4.4-14+deb7u12libphp5-embed_5.4.4-14+deb7u12_mips.deb
Debian7s390xpython-magic-dbg< 5.11-2+deb7u4python-magic-dbg_5.11-2+deb7u4_s390x.deb
Debian7s390xlibmagic-dev< 5.11-2+deb7u4libmagic-dev_5.11-2+deb7u4_s390x.deb

OS	Version	Architecture	Package	Version	Filename
Debian	7	s390x	php5-cgi	< 5.4.4-14+deb7u12	php5-cgi_5.4.4-14+deb7u12_s390x.deb
Debian	7	sparc	php5-recode	< 5.4.4-14+deb7u12	php5-recode_5.4.4-14+deb7u12_sparc.deb
Debian	7	kfreebsd-amd64	python-magic	< 5.11-2+deb7u4	python-magic_5.11-2+deb7u4_kfreebsd-amd64.deb
Debian	7	armel	php5-sybase	< 5.4.4-14+deb7u12	php5-sybase_5.4.4-14+deb7u12_armel.deb
Debian	7	s390	php5-tidy	< 5.4.4-14+deb7u12	php5-tidy_5.4.4-14+deb7u12_s390.deb
Debian	7	i386	libapache2-mod-php5filter	< 5.4.4-14+deb7u12	libapache2-mod-php5filter_5.4.4-14+deb7u12_i386.deb
Debian	7	armel	php5-pspell	< 5.4.4-14+deb7u12	php5-pspell_5.4.4-14+deb7u12_armel.deb
Debian	7	mips	libphp5-embed	< 5.4.4-14+deb7u12	libphp5-embed_5.4.4-14+deb7u12_mips.deb
Debian	7	s390x	python-magic-dbg	< 5.11-2+deb7u4	python-magic-dbg_5.11-2+deb7u4_s390x.deb
Debian	7	s390x	libmagic-dev	< 5.11-2+deb7u4	libmagic-dev_5.11-2+deb7u4_s390x.deb