[v2.6] file: ELF parser DoS (CVE-2014-9620, CVE-2014-9621)
The ELF parser in file 5.16 through 5.21 allows remote attackers to cause a denial of service via a large number of notes (CVE-2014-9620) and via a long string (CVE-2014-9621).
References:
http://seclists.org/oss-sec/2015/q1/164
CONFIRM:
https://github.com/file/file/commit/ce90e05774dd77d86cfc8dfa6da57b32816841c4
CONFIRM:
https://github.com/file/file/commit/65437cee25199dbd385fb35901bc0011e164276c
MLIST:[File] 20150102 file 5.22 is now available
URL: http://mx.gw.com/pipermail/file/2015/001660.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9620
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9621
(from redmine: issue id 3860, created on 2015-02-02, closed on 2015-02-04)
- Relations:
- parent #3859 (closed)
- Changesets:
- Revision 1ba7dddd by Natanael Copa on 2015-02-02T11:36:18Z:
main/file: security upgrade to 5.22 (CVE-2014-8116,CVE-2014-8117,CVE-2014-9620,CVE-2014-9621)
fixes #3805
fixes #3860