Bug 34135 - file: Multiple issues (3.2)
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: Security updates
UCS 3.0
Other Linux
P3 normal
UCS 3.2-7-errata
Assigned To: Stefan Gohmann
Felix Botner
Reported: 2014-02-17 08:45 CET by Moritz Muehlenhoff
Modified: 2015-09-09 11:31 CEST (History)
requate: Patch_Available+


Description Moritz Muehlenhoff univentionstaff 2014-02-17 08:45:30 CET
+++ This bug was initially created as a clone of Bug #34134 +++

CVE-2014-1943

Incorrect handling of indirect rules in libmagic may lead to an infinite loop, resulting in denial of service
Comment 1 Moritz Muehlenhoff univentionstaff 2014-03-06 09:59:52 CET
Denial of service in libmagic (CVE-2014-2270)
Comment 2 Moritz Muehlenhoff univentionstaff 2014-03-26 14:19:54 CET
CVE-2013-7345: Denial of service in magic for awk scripts
Comment 3 Moritz Muehlenhoff univentionstaff 2014-06-30 07:17:42 CEST
Buffer overflow in CDF module (CVE-2014-3487, CVE-2014-3479, CVE-2014-3480, CVE-2014-0207)
Incorrect string size calculation in the softmagic module (CVE-2014-3478)
Comment 4 Moritz Muehlenhoff univentionstaff 2014-09-08 07:54:24 CEST
Buffer overflow in CDF parsing (CVE-2014-3587)
Comment 5 Moritz Muehlenhoff univentionstaff 2014-11-10 13:32:11 CET
Out of bounds reads when parsing ELF section headers (CVE-2014-3710)
Comment 6 Moritz Muehlenhoff univentionstaff 2014-12-15 10:22:17 CET
Denial of service issues in the ELF parser (CVE-2014-8116, CVE-2014-8117)
Comment 7 Moritz Muehlenhoff univentionstaff 2015-02-10 09:30:59 CET
Denial of service when processing malformed ELF files (CVE-2014-9653)
Comment 8 Arvid Requate univentionstaff 2015-05-06 17:17:41 CEST
Fixed in upstream Debian package version 5.04-5+squeeze10
Comment 9 Stefan Gohmann univentionstaff 2015-08-29 20:28:03 CEST
5.04-5+squeeze10 has been imported and built. It also fixes
  * Performance degradation (CVE-2014-0237)
  * Infinite loop or out-of-bounds memory access (CVE-2014-0238)
  * CPU consumption (CVE-2014-3538)

YAML: 2015-08-29-acpi-support.yaml
Comment 10 Felix Botner univentionstaff 2015-09-03 19:24:58 CEST
OK - version 5.04-5+squeeze10 built in errata3.2-7
OK - CVEs
OK - YAML
Comment 11 Janek Walkenhorst univentionstaff 2015-09-09 11:31:13 CEST
<http://errata.software-univention.de/ucs/3.2/366.html>