Synopsis: Moderate: file security and bug fix update Advisory ID: SLSA-2015:2155-7 Issue Date: 2015-11-19 CVE Numbers: CVE-2014-0238 CVE-2014-0237 CVE-2014-3480 CVE-2014-3479 CVE-2014-0207 CVE-2014-3487 CVE-2014-3587 CVE-2014-3538 CVE-2014-3478 CVE-2014-3710 CVE-2014-9652 CVE-2014-8116 CVE-2014-8117 CVE-2014-9653 -- Multiple denial of service flaws were found in the way file parsed certain Composite Document Format (CDF) files. A remote attacker could use either of these flaws to crash file, or an application using file, via a specially crafted CDF file. (CVE-2014-0207, CVE-2014-0237, CVE-2014-0238, CVE-2014-3479, CVE-2014-3480, CVE-2014-3487, CVE-2014-3587) Two flaws were found in the way file processed certain Pascal strings. A remote attacker could cause file to crash if it was used to identify the type of the attacker-supplied file. (CVE-2014-3478, CVE-2014-9652) Multiple flaws were found in the file regular expression rules for detecting various files. A remote attacker could use these flaws to cause file to consume an excessive amount of CPU. (CVE-2014-3538) Multiple flaws were found in the way file parsed Executable and Linkable Format (ELF) files. A remote attacker could use these flaws to cause file to crash, disclose portions of its memory, or consume an excessive amount of system resources. (CVE-2014-3710, CVE-2014-8116, CVE-2014-8117, CVE-2014-9653) The file packages have been updated to ensure correct operation on Power little endian and ARM 64-bit hardware architectures. -- SL7 x86_64 file-5.11-31.el7.x86_64.rpm file-debuginfo-5.11-31.el7.i686.rpm file-debuginfo-5.11-31.el7.x86_64.rpm file-libs-5.11-31.el7.i686.rpm file-libs-5.11-31.el7.x86_64.rpm file-devel-5.11-31.el7.i686.rpm file-devel-5.11-31.el7.x86_64.rpm file-static-5.11-31.el7.i686.rpm file-static-5.11-31.el7.x86_64.rpm noarch python-magic-5.11-31.el7.noarch.rpm - Scientific Linux Development Team