[security-announce] file 5.18: Security update

Adrian Dudau Adrian.Dudau at enea.com
Thu Mar 26 12:50:45 CET 2015

Enea Linux Security Advisory
Product/package: file 5.18
CVE Names:
CVE-2014-9620 Limit the number of ELF notes processed - DoS
CVE-2014-9621 Limit string printing to 100 chars - DoS
A security patch that fixes these DoS vulnerabilities in file is now available
at http://linux.enea.com/5.0-beta-m400/patches:
README file: 0011-file-CVE-2014-9620-and-CVE-2014-9621.README
Patch file: 0011-file-CVE-2014-9620-and-CVE-2014-9621.patch
The ELF parser in file 5.08 through 5.21 allows remote attackers
to cause a denial of service via a large number of notes.
The ELF parser in file 5.16 through 5.21 allows remote attackers
to cause a denial of service via a long string.
How to apply the patches

- Preparation
  Make sure that you have an installation of Enea Linux and have
  applied the existing patches in the right order:

    wget http://linux.enea.com/5.0-beta-m400/Enea-Linux-5.0-beta-m400.tar.gz
    tar zxvf Enea-Linux-5.0-beta-m400.tar.gz
    <Fetch and apply the existing patches, please refer to
    README file for the individual patch>

- Fetch and apply the new patch

    cd Enea-Linux-5.0-beta-m400/poky
    patch -p1 < ./0011-file-CVE-2014-9620-and-CVE-2014-9621.patch

If you have any questions regarding the security patches and security
updates, please contact security at enea.com.
Enea Security Team
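
The two limits named in the CVE list above (a cap on ELF notes processed and a 100-character cap on printed strings), sketched as an added example; this is not code from the Enea patch or from the file project. The function names, the MAX_NOTES value of 256 and the little-endian note layout are assumptions made for the illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define MAX_NOTES 256 /* assumed cap for this example, not taken from the patch */
#define MAX_PRINT 100 /* string limit named in the advisory */

/* Read a 32-bit little-endian word without alignment assumptions. */
static uint32_t rd32(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}
/* Advance past a field padded to 4 bytes, never beyond the end of the buffer. */
static size_t skip(size_t off, size_t len, uint32_t sz) {
    size_t padded = ((size_t)sz + 3) & ~(size_t)3;
    return padded < len - off ? off + padded : len;
}

/* Walk a note segment (namesz, descsz, type, name, desc). Returns the number
 * of notes visited, at most MAX_NOTES, or -1 if a size field overruns. */
int walk_notes(const uint8_t *buf, size_t len) {
    size_t off = 0;
    int count = 0;
    while (len - off >= 12 && count < MAX_NOTES) {
        uint32_t namesz = rd32(buf + off), descsz = rd32(buf + off + 4);
        off += 12;
        if (namesz > len - off) return -1;   /* name claims more than remains */
        off = skip(off, len, namesz);
        if (descsz > len - off) return -1;   /* desc claims more than remains */
        off = skip(off, len, descsz);
        count++;
    }
    return count;
}

/* Copy an untrusted string for printing: stop at NUL, end of data, or
 * MAX_PRINT bytes. out must hold MAX_PRINT + 1 bytes. Returns bytes copied. */
size_t bounded_str(char *out, const uint8_t *s, size_t avail) {
    size_t n = 0;
    while (n < avail && n < MAX_PRINT && s[n] != '\0') { out[n] = (char)s[n]; n++; }
    out[n] = '\0';
    return n;
}

int main(void) {
    static uint8_t notes[300 * 12]; /* constructed input: 300 empty notes */
    uint8_t longstr[200];
    char out[MAX_PRINT + 1];
    memset(longstr, 'A', sizeof longstr); /* constructed: 200 bytes, no NUL */
    printf("notes visited: %d\n", walk_notes(notes, sizeof notes));
    printf("chars kept: %zu\n", bounded_str(out, longstr, sizeof longstr));
}
```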