Mandriva Linux Security Advisory : file (MDVSA-2015:010)
Medium Nessus Plugin ID 80429
Synopsis
The remote Mandriva Linux host is missing one or more security updates.
Description
Updated file packages fix security vulnerabilities:
Thomas Jarosch of Intra2net AG reported that using the file command on a specially crafted ELF binary could lead to a denial of service due to uncontrolled resource consumption (CVE-2014-8116).
Thomas Jarosch of Intra2net AG reported that using the file command on a specially crafted ELF binary could lead to a denial of service due to uncontrolled recursion (CVE-2014-8117).
The ELF parser in file 5.08 through 5.21 allows remote attackers to cause a denial of service via a large number of notes (CVE-2014-9620).
The ELF parser in file 5.16 through 5.21 allows remote attackers to cause a denial of service via a long string (CVE-2014-9621).
The updated file packages have been upgraded to the latest 5.22 version, which is not vulnerable to these issues.
Solution
Update the affected packages.