FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

file -- multiple vulnerabilities

Affected packages
file < 5.21
8.4 <= FreeBSD < 8.4_20
9.1 <= FreeBSD < 9.1_23
9.2 <= FreeBSD < 9.2_16
9.3 <= FreeBSD < 9.3_6
10.0 <= FreeBSD < 10.0_13
10.1 <= FreeBSD < 10.1_1

Details

VuXML ID 9575259a-92d5-11e4-bce6-d050992ecde8
Discovery 2014-12-16
Entry 2015-01-02

RedHat reports:

Thomas Jarosch of Intra2net AG reported a number of denial of service issues (resource consumption) in the ELF parser used by file(1). These issues were fixed in the 5.21 release of file(1), but by mistake are missing from the changelog.

References

CVE Name CVE-2014-3710
CVE Name CVE-2014-8116
CVE Name CVE-2014-8117
FreeBSD Advisory SA-14:28.file
URL http://seclists.org/oss-sec/2014/q4/1056