Bug 34134

Summary: file: Denial of service (3.1)
Product: UCS Reporter: Moritz Muehlenhoff <jmm>
Component: Security updatesAssignee: Security maintainers <security-maintainers>
Status: CLOSED WONTFIX QA Contact:
Severity: normal    
Priority: P4    
Version: UCS 3.0   
Target Milestone: UCS 3.1-x-errata   
Hardware: Other   
OS: Linux   
What kind of report is it?: --- What type of bug is this?: ---
Who will be affected by this bug?: --- How will those affected feel about the bug?: ---
User Pain: Enterprise Customer affected?:
School Customer affected?: ISV affected?:
Waiting Support: Flags outvoted (downgraded) after PO Review:
Ticket number: Bug group (optional):
Max CVSS v3 score:

Description Moritz Muehlenhoff univentionstaff 2014-02-17 08:45:09 CET 
CVE-2014-1943

Incorrect handling of indirect rules in libmagic may lead to an infinite loop, resulting in denial of service
Comment 1 Moritz Muehlenhoff univentionstaff 2014-03-06 09:59:41 CET 
Denial of service in libmagic (CVE-2014-2270)
Comment 2 Moritz Muehlenhoff univentionstaff 2014-03-26 14:19:47 CET 
CVE-2013-7345: Denial of service in magic for awk scripts
Comment 3 Moritz Muehlenhoff univentionstaff 2014-06-02 07:59:08 CEST 
The maintenance with bug and security fixes for UCS 3.1-x has ended on 31st of May 2014.

The maintenance of the UCS 3.x major series is continued by UCS 3.2-x that is supplied with bug and security fixes.

Customers still on UCS 3.1-x are encouraged to update to UCS 3.2. Please contact your partner or Univention for any questions.