file: multiple DoS issues (resource consumption) (CVE-2014-8116, CVE-2014-8117)
CVE-2014-8116:
The ELF parser (readelf.c) in file before 5.21 allows remote attackers
to cause a denial of service (CPU consumption or crash) via a large
number of (1) program or (2) section headers or (3) invalid
capabilities.
CVE-2014-8117:
softmagic.c in file before 5.21 does not properly limit recursion, which
allows remote attackers to cause a denial of service (CPU consumption or
crash) via unspecified vectors.
References:
• MLIST:[oss-security] 20141216 file(1): multiple denial of service issues (resource consumption), CVE-2014-8116 and CVE-2014-8117
• URL: http://seclists.org/oss-sec/2014/q4/1056
• CONFIRM: https://github.com/file/file/blob/00cef282a902a4a6709bbbbb933ee397768caa38/ChangeLog
• CONFIRM: https://github.com/file/file/commit/b4c01141e5367f247b84dcaf6aefbb4e741842b8
• CONFIRM: https://github.com/file/file/commit/d7cdad007c507e6c79f51f058dd77fab70ceb9f6
• CONFIRM: https://github.com/file/file/commit/6f737ddfadb596d7d4a993f7ed2141ffd664a81c
• FREEBSD:FreeBSD-SA-14:28
• URL: https://www.freebsd.org/security/advisories/FreeBSD-SA-14:28.file.asc
• SECTRACK:1031344
• URL: http://www.securitytracker.com/id/1031344
(from redmine: issue id 3804, created on 2015-01-27, closed on 2015-02-04)
- Relations:
  - child #3805 (closed)
  - child #3806 (closed)
  - child #3807 (closed)
  - child #3808 (closed)
- Changesets:
  - Revision 718c47ea by Natanael Copa on 2015-01-30T10:12:15Z:
    main/file: security upgrade to 5.22 (CVE-2014-8116,CVE-2014-8117)
    ref #3804
    fixes #3808
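
For the header-count vectors described under CVE-2014-8116, the following added example (not code from file(1) or from this issue) screens an ELF header's declared program and section header counts before the input reaches an unpatched parser. The limits `MAX_PHNUM` and `MAX_SHNUM`, the verdict names and the constructed sample header are assumptions made for this illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Assumed screening limits for this example; tune to your workload. */
#define MAX_PHNUM 128u
#define MAX_SHNUM 32768u

enum elf_verdict { ELF_OK, ELF_NOT_ELF, ELF_TRUNCATED, ELF_EXTENDED_COUNT,
                   ELF_TOO_MANY_PHDRS, ELF_TOO_MANY_SHDRS };

/* Read a 16-bit field in the byte order named by EI_DATA. */
static unsigned rd16(const unsigned char *p, int big_endian) {
    return big_endian ? ((unsigned)p[0] << 8 | p[1]) : ((unsigned)p[1] << 8 | p[0]);
}

/* Classify an ELF header by its declared program/section header counts. */
enum elf_verdict screen_elf_header(const unsigned char *buf, size_t len) {
    if (len < 6 || memcmp(buf, "\177ELF", 4) != 0) return ELF_NOT_ELF;
    if ((buf[4] != 1 && buf[4] != 2) || (buf[5] != 1 && buf[5] != 2)) return ELF_NOT_ELF;
    int is64 = buf[4] == 2;              /* EI_CLASS: 1 = ELF32, 2 = ELF64 */
    int be = buf[5] == 2;                /* EI_DATA:  1 = LSB,   2 = MSB   */
    if (len < (is64 ? 64u : 52u)) return ELF_TRUNCATED;
    unsigned phnum = rd16(buf + (is64 ? 56 : 44), be);   /* e_phnum */
    unsigned shnum = rd16(buf + (is64 ? 60 : 48), be);   /* e_shnum */
    /* e_shoff is 4 bytes at offset 32 (ELF32) or 8 bytes at offset 40 (ELF64). */
    int has_shoff = 0;
    for (size_t i = 0; i < (is64 ? 8u : 4u); i++) has_shoff |= buf[(is64 ? 40 : 32) + i];
    /* 0xffff (PN_XNUM), or e_shnum == 0 with a section table present, means the
       real count is stored in section header 0; flag it for closer review. */
    if (phnum == 0xffff || (shnum == 0 && has_shoff)) return ELF_EXTENDED_COUNT;
    if (phnum > MAX_PHNUM) return ELF_TOO_MANY_PHDRS;
    if (shnum > MAX_SHNUM) return ELF_TOO_MANY_SHDRS;
    return ELF_OK;
}

/* Constructed sample: screen a bare little-endian ELF64 header with chosen counts. */
enum elf_verdict screen_sample_elf64(unsigned phnum, unsigned shnum) {
    unsigned char h[64];
    memset(h, 0, sizeof h);
    memcpy(h, "\177ELF", 4);
    h[4] = 2; h[5] = 1; h[6] = 1;        /* ELF64, LSB, EV_CURRENT */
    h[40] = 0x40;                        /* nonzero e_shoff: section table present */
    h[56] = phnum & 0xff; h[57] = (phnum >> 8) & 0xff;
    h[60] = shnum & 0xff; h[61] = (shnum >> 8) & 0xff;
    return screen_elf_header(h, sizeof h);
}
```

A screen like this only reduces exposure while an older file is still deployed; the fix recorded in this issue is the upgrade to 5.22.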