Mandriva Linux Security Advisory : file (MDVSA-2014:131)
Medium Nessus Plugin ID 76439
SynopsisThe remote Mandriva Linux host is missing one or more security updates.
DescriptionUpdated file packages fix security vulnerabilities :
A flaw was found in the way file parsed property information from Composite Document Files (CDF) files, where the mconvert() function did not correctly compute the truncated pascal string size (CVE-2014-3478).
Multiple flaws were found in the way file parsed property information from Composite Document Files (CDF) files, due to insufficient boundary checks on buffers (CVE-2014-3479, CVE-2014-3480, CVE-2014-3487).
Note: these issues were announced as part of the upstream PHP 5.4.30 release, as PHP bundles file's libmagic library. Their announcement also references an issue in CDF file parsing, CVE-2014-0207, which was previously fixed in the file package in MGASA-2014-0252, but was not announced at that time.
SolutionUpdate the affected packages.