Moderate CentOS file Security Update

Metadata

high
7.5
file-5.11-31.el7.x86_64.rpm, file-devel-5.11-31.el7.i686.rpm, file-devel-5.11-31.el7.x86_64.rpm, file-libs-5.11-31.el7.i686.rpm, file-libs-5.11-31.el7.x86_64.rpm, file-static-5.11-31.el7.i686.rpm, file-static-5.11-31.el7.x86_64.rpm, python-magic-5.11-31.el7.noarch.rpm
CVE-2014-0207, CVE-2014-0237, CVE-2014-0238, CVE-2014-3478, CVE-2014-3479, CVE-2014-3480, CVE-2014-3487, CVE-2014-3538, CVE-2014-3587, CVE-2014-3710, CVE-2014-8116, CVE-2014-8117, CVE-2014-9652, CVE-2014-9653
rhn.redhat.com, lists.centos.org
2015-11-30
2017-07-27 19:10
ALAS-2014-362
ALAS-2014-450
ALAS-2014-398
ALAS-2014-453
ALAS-2014-367
ALAS-2015-497
ALAS-2014-361
ALAS-2014-393
ALAS-2014-382
ALAS-2014-372
ALAS-2014-415
ALAS-2014-451
Moderate CentOS php Update
Moderate CentOS php Security Update
Important CentOS php Security Update
Moderate CentOS file Security Update
Moderate CentOS php Security Update
Moderate CentOS php Security Update
Important CentOS php Security Update
Moderate CentOS file Security Update
Important CentOS php53 Security Update
CVE-2014-0238 php5
CVE-2014-8117 php5
CVE-2014-3480 file
CVE-2014-3479 file
CVE-2014-3710 file
CVE-2014-8116 php5
CVE-2014-0207 file
CVE-2014-3587 file
CVE-2014-9652 file
CVE-2014-9653 php5
CVE-2014-3478 file
CVE-2014-3480 php5
CVE-2014-3538 php5
CVE-2014-0207 php5
CVE-2014-0238 file
CVE-2014-3587 php5
CVE-2014-3479 php5
CVE-2014-3478 php5
CVE-2014-3487 php5
CVE-2014-3487 file
CVE-2014-8116 file
CVE-2014-8117 file
CVE-2014-0237 file
CVE-2014-9653 file
CVE-2014-3538 file
CVE-2014-9652 php5
CVE-2014-3710 php5
CVE-2014-0237 php5
CVE-2014-9652
CVE-2014-0237
CVE-2014-3479
CVE-2014-3538
CVE-2014-0238
CVE-2014-8116
CVE-2014-3487
CVE-2014-3587
CVE-2014-8117
CVE-2014-3710
CVE-2014-0207
CVE-2014-3478
CVE-2014-3480
CVE-2014-9653
2017-04-01 19:09
2017-01-05 20:13

Description


Updated file packages that fix multiple security issues and several bugs
are now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having Moderate security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.

The file command is used to identify a particular file according to the
type of data the file contains. It can identify many different file
types, including Executable and Linkable Format (ELF) binary files,
system libraries, RPM packages, and different graphics formats.

Multiple denial of service flaws were found in the way file parsed certain
Composite Document Format (CDF) files. A remote attacker could use either
of these flaws to crash file, or an application using file, via a specially
crafted CDF file. (CVE-2014-0207, CVE-2014-0237, CVE-2014-0238,
CVE-2014-3479, CVE-2014-3480, CVE-2014-3487, CVE-2014-3587)

Two flaws were found in the way file processed certain Pascal strings. A
remote attacker could cause file to crash if it was used to identify the
type of the attacker-supplied file. (CVE-2014-3478, CVE-2014-9652)

Multiple flaws were found in the file regular expression rules for
detecting various files. A remote attacker could use these flaws to cause
file to consume an excessive amount of CPU. (CVE-2014-3538)

Multiple flaws were found in the way file parsed Executable and Linkable
Format (ELF) files. A remote attacker could use these flaws to cause file
to crash, disclose portions of its memory, or consume an excessive amount
of system resources. (CVE-2014-3710, CVE-2014-8116, CVE-2014-8117,
CVE-2014-9653)

Red Hat would like to thank Thomas Jarosch of Intra2net AG for reporting
the CVE-2014-8116 and CVE-2014-8117 issues. The CVE-2014-0207,
CVE-2014-0237, CVE-2014-0238, CVE-2014-3478, CVE-2014-3479, CVE-2014-3480,
CVE-2014-3487, CVE-2014-3710 issues were discovered by Francisco Alonso of
Red Hat Product Security; the CVE-2014-3538 issue was discovered by Jan
Kalu┼ża of the Red Hat Web Stack Team

The file packages have been updated to ensure correct operation on Power
little endian and ARM 64-bit hardware architectures. (BZ#1224667,
BZ#1224668, BZ#1157850, BZ#1067688).

All file users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues.
Please see https://www.redhat.com/footer/terms-of-use.html

Am I vulnerable?

The constraints below list the versions that this vulnerability is patched in, and versions that are unaffected. If a patch is ready but unrealeased, then it is pending.

Or, you can just let us figure it out for you! Appcanary continously monitor your installed packages, and tell you if any of them are vulnerable.

Sign up for monitoring

Affected package information

Release Package Patched in
7 file file-5.11-31.el7.x86_64.rpm
file-devel file-devel-5.11-31.el7.i686.rpm
file-devel file-devel-5.11-31.el7.x86_64.rpm
file-libs file-libs-5.11-31.el7.i686.rpm
file-libs file-libs-5.11-31.el7.x86_64.rpm
file-static file-static-5.11-31.el7.i686.rpm
file-static file-static-5.11-31.el7.x86_64.rpm
python-magic python-magic-5.11-31.el7.noarch.rpm