Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatRedHatRHSA-2015:2155
HistoryNov 19, 2015 - 2:41 p.m.

(RHSA-2015:2155) Moderate: file security and bug fix update

2015-11-1914:41:30
access.redhat.com
36

0.157 Low

EPSS

Percentile

96.0%

JSON

The file command is used to identify a particular file according to the
type of data the file contains. It can identify many different file
types, including Executable and Linkable Format (ELF) binary files,
system libraries, RPM packages, and different graphics formats.

Multiple denial of service flaws were found in the way file parsed certain
Composite Document Format (CDF) files. A remote attacker could use either
of these flaws to crash file, or an application using file, via a specially
crafted CDF file. (CVE-2014-0207, CVE-2014-0237, CVE-2014-0238,
CVE-2014-3479, CVE-2014-3480, CVE-2014-3487, CVE-2014-3587)

Two flaws were found in the way file processed certain Pascal strings. A
remote attacker could cause file to crash if it was used to identify the
type of the attacker-supplied file. (CVE-2014-3478, CVE-2014-9652)

Multiple flaws were found in the file regular expression rules for
detecting various files. A remote attacker could use these flaws to cause
file to consume an excessive amount of CPU. (CVE-2014-3538)

Multiple flaws were found in the way file parsed Executable and Linkable
Format (ELF) files. A remote attacker could use these flaws to cause file
to crash, disclose portions of its memory, or consume an excessive amount
of system resources. (CVE-2014-3710, CVE-2014-8116, CVE-2014-8117,
CVE-2014-9653)

Red Hat would like to thank Thomas Jarosch of Intra2net AG for reporting
the CVE-2014-8116 and CVE-2014-8117 issues. The CVE-2014-0207,
CVE-2014-0237, CVE-2014-0238, CVE-2014-3478, CVE-2014-3479, CVE-2014-3480,
CVE-2014-3487, CVE-2014-3710 issues were discovered by Francisco Alonso of
Red Hat Product Security; the CVE-2014-3538 issue was discovered by Jan
Kaluža of the Red Hat Web Stack Team

The file packages have been updated to ensure correct operation on Power
little endian and ARM 64-bit hardware architectures. (BZ#1224667,
BZ#1224668, BZ#1157850, BZ#1067688).

All file users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues.

Related

nessus 67
oraclelinux 4
openvas 56
ibm 3
centos 4
debian 9
osv 8
amazon 6
redhat 5
mageia 6
ubuntu 3
securityvulns 6
freebsd_advisory 1
freebsd 1
fedora 8
f5 6
slackware 2
gentoo 1
veracode 3
nessus
nessus
Scientific Linux Security Update : file on SL7.x x86_64 (20151119)
2015-12-22 00:00:00
CentOS 7 : file (CESA-2015:2155)
2015-12-02 00:00:00
RHEL 7 : file (RHSA-2015:2155)
2015-11-20 00:00:00
oraclelinux
oraclelinux
file security and bug fix update
2015-11-23 00:00:00
file security, bug fix, and enhancement update
2016-05-12 00:00:00
php security update
2014-08-06 00:00:00
openvas
openvas
Oracle: Security Advisory (ELSA-2015-2155)
2015-11-24 00:00:00
RedHat Update for file RHSA-2015:2155-07
2015-11-20 00:00:00
Debian: Security Advisory (DSA-3021-1)
2014-09-08 00:00:00
ibm
ibm
Security Bulletin: Multiple vulnerabilities in file affect PowerKVM
2018-06-18 01:30:43
Security Bulletin: File vulnerabilities affect IBM SmartClound Entry
2020-07-19 00:49:12
Security Bulletin: Multiple vulnerabilities in file affect IBM Security Network Protection
2018-06-16 21:43:49
centos
centos
file, python security update
2015-11-30 19:28:42
file, python security update
2016-05-16 10:13:44
php security update
2014-08-06 14:38:20
debian
debian
[SECURITY] [DSA 3021-2] file regression update
2014-09-10 21:28:57
[SECURITY] [DSA 3021-1] file security update
2014-09-09 13:10:59
[DLA 27-1] file security update
2014-07-31 14:47:17
osv
osv
file - security update
2014-09-09 00:00:00
file - security update
2014-07-31 00:00:00
php5 - security update
2015-01-31 00:00:00
amazon
amazon
Medium: file
2014-07-23 13:57:00
Medium: php55
2014-07-09 16:42:00
Medium: php54
2014-07-09 16:24:00
redhat
redhat
(RHSA-2016:0760) Moderate: file security, bug fix, and enhancement update
2016-05-10 06:42:18
(RHSA-2014:1013) Moderate: php security update
2014-08-06 00:00:00
(RHSA-2014:1766) Important: php55-php security update
2014-10-30 00:00:00
mageia
mageia
Updated file packages fix security vulnerabilities
2014-07-04 22:26:27
Updated php packages fix multiple vulnerabilities
2014-07-09 02:30:04
Updated php packages fix multiple vulnerabilities
2014-07-09 02:29:20
ubuntu
ubuntu
file vulnerabilities
2014-07-15 00:00:00
file vulnerabilities
2015-02-04 00:00:00
PHP vulnerabilities
2014-07-09 00:00:00
securityvulns
securityvulns
libmagic / file / fileinfo / PHP security vulnerabilities
2015-03-18 00:00:00
FreeBSD Security Advisory FreeBSD-SA-14:28.file
2014-12-10 00:00:00
PHP/fileinfo/file DoS
2014-06-14 00:00:00
freebsd_advisory
freebsd_advisory
FreeBSD-SA-14:28.file
2014-12-10 00:00:00
freebsd
freebsd
file -- multiple vulnerabilities
2014-12-16 00:00:00
fedora
fedora
[SECURITY] Fedora 20 Update: file-5.19-1.fc20
2014-07-05 14:54:09
[SECURITY] Fedora 20 Update: php-5.5.14-1.fc20
2014-06-30 10:25:38
[SECURITY] Fedora 21 Update: file-5.22-2.fc21
2015-02-18 05:55:37
f5
f5
K15498 : Multiple PHP vulnerabilities
2014-08-12 00:00:00
SOL15498 - Multiple PHP vulnerabilities
2014-08-12 00:00:00
K16347 : Linux file utility vulnerabilities CVE-2014-8116 and CVE-2014-8117
2015-07-22 00:00:00
slackware
slackware
[slackware-security] php
2014-07-12 03:48:04
[slackware-security] php
2014-06-09 21:04:52
gentoo
gentoo
file: Multiple vulnerabilities
2017-01-17 00:00:00
veracode
veracode
Denial Of Service (DoS)
2019-05-02 05:04:17
Denial Of Service (DoS)
2019-05-02 05:04:16
Denial Of Service (DoS)
2019-05-02 05:04:17

0.157 Low

EPSS

Percentile

96.0%

JSON
Related for RHSA-2015:2155
nessus67oraclelinux4openvas56ibm3centos4debian9osv8amazon6redhat5mageia6ubuntu3securityvulns6freebsd_advisory1freebsd1fedora8f56slackware2gentoo1veracode3