| oval:org.secpod.oval:def:1800130 | file is installed |
| oval:org.secpod.oval:def:1800129 | File versions 5.29, 5.30 and 5.31 contain a stack-based buffer overflow when parsing a specially crafted input file. The issue lets an attacker overwrite a fixed 20-byte stack buffer with a specially crafted .notes section in an ELF binary file. Fixed In Version: file 5.32 |
| oval:org.secpod.oval:def:703791 | file: Tool to determine file types. The file utility could be made to crash if it opened a specially crafted file. |
| oval:org.secpod.oval:def:701912 | file is installed |
| oval:org.secpod.oval:def:70208 | file: Tool to determine file types. Details: USN-3911-1 fixed vulnerabilities in file. One of the backported security fixes introduced a regression that caused the interpreter string to be truncated. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-3911-1 intro ... |
| oval:org.secpod.oval:def:601236 | It was discovered that the recent file update, DSA-2873-1, introduced a regression in the recognition of Perl scripts containing BEGIN code blocks. |
| oval:org.secpod.oval:def:603091 | Thomas Jarosch discovered a stack-based buffer overflow flaw in file, a file type classification tool, which may result in denial of service if an ELF binary with a specially crafted .notes section is processed. |
| oval:org.secpod.oval:def:600799 | A regression was discovered in the security update for file, which led to false positives on the CDF format. This update fixes that regression. For reference the original advisory text follows. The file type identification tool, file, and its associated library, libmagic, do not properly process ma ... |
| oval:org.secpod.oval:def:702245 | file: Tool to determine file types. file could be made to crash or run programs as your login if it opened a specially crafted file. |
| oval:org.secpod.oval:def:601225 | Several vulnerabilities have been found in file, a file type classification tool. Aaron Reffett reported a flaw in the way the file utility determined the type of Portable Executable format files, the executable format used on Windows. When processing a defective or intentionally prepared PE execut ... |
| oval:org.secpod.oval:def:601905 | Multiple security issues have been found in file, a tool/library to determine a file type. Processing a malformed file could result in denial of service. Most of the changes are related to parsing ELF files. As part of the fixes, several limits on aspects of the detection were added or tightened, so ... |
| oval:org.secpod.oval:def:52401 | file: Tool to determine file types. file could be made to crash if it opened a specially crafted file. |
| oval:org.secpod.oval:def:702402 | file: Tool to determine file types. file could be made to crash if it opened a specially crafted file. |
| oval:org.secpod.oval:def:701635 | file: Tool to determine file types. File could be made to crash if it processed a specially crafted file. |
| oval:org.secpod.oval:def:601215 | It was discovered that file, a file type classification tool, contains a flaw in the handling of "indirect" magic rules in the libmagic library, which leads to an infinite recursion when trying to determine the file type of certain files. The Common Vulnerabilities and Exposures project ID ... |
| oval:org.secpod.oval:def:600745 | The file type identification tool, file, and its associated library, libmagic, do not properly process malformed files in the Composite Document File format, leading to crashes. Note that after this update, file may return different detection results for CDF files. The new detections are believed ... |
| oval:org.secpod.oval:def:702113 | file: Tool to determine file types. File could be made to crash or hang if it processed specially crafted data. |
| oval:org.secpod.oval:def:601774 | This update corrects DSA 3021-1, which introduced a regression in the detection of some "Composite Document Files", making them look corrupted, with the error: "Can't expand summary_info". On additional information, 5.11-2+deb7u4 changed the detection of certain text files ... |
| oval:org.secpod.oval:def:601836 | Francisco Alonso of Red Hat Product Security found an issue in the file utility: when checking ELF files, note headers are incorrectly checked, thus potentially allowing attackers to cause a denial of service by supplying a specially crafted ELF file. |
| oval:org.secpod.oval:def:52255 | file: Tool to determine file types. File could be made to crash or hang if it processed specially crafted data. |
| oval:org.secpod.oval:def:701588 | file: Tool to determine file types. File could be made to crash if it processed a specially crafted file. |
| oval:org.secpod.oval:def:52318 | file: Tool to determine file types. file could be made to crash or run programs as your login if it opened a specially crafted file. |
| oval:org.secpod.oval:def:601770 | Multiple security issues have been found in file, a tool to determine a file type. These vulnerabilities allow remote attackers to cause a denial of service, via resource consumption or application crash. |
| oval:org.secpod.oval:def:1901135 | do_core_note in readelf.c in libmagic.a in file 5.35 has an out-of-bounds read because memcpy is misused. |
| oval:org.secpod.oval:def:53018 | file: Tool to determine file types. Several security issues were fixed in file. |
| oval:org.secpod.oval:def:704827 | file: Tool to determine file types. Several security issues were fixed in file. |
| oval:org.secpod.oval:def:2001615 | do_core_note in readelf.c in libmagic.a in file 5.35 allows remote attackers to cause a denial of service or possibly have unspecified other impact. |
| oval:org.secpod.oval:def:1900776 | do_core_note in readelf.c in libmagic.a in file 5.35 has a stack-based buffer over-read, related to file_printable, a different vulnerability than CVE-2018-10360. |
| oval:org.secpod.oval:def:2000615 | do_core_note in readelf.c in libmagic.a in file 5.35 has a stack-based buffer over-read, related to file_printable, a different vulnerability than CVE-2018-10360. |
| oval:org.secpod.oval:def:1901181 | do_bid_note in readelf.c in libmagic.a in file 5.35 has a stack-based buffer over-read, related to file_printf and file_vprintf. |
| oval:org.secpod.oval:def:604577 | A buffer overflow was found in file, a file type classification tool, which may result in denial of service or potentially the execution of arbitrary code if a malformed CDF file is processed. |
| oval:org.secpod.oval:def:69770 | A buffer overflow was found in file, a file type classification tool, which may result in denial of service or potentially the execution of arbitrary code if a malformed CDF file is processed. |
| oval:org.secpod.oval:def:59609 | file: Tool to determine file types. file could be made to crash or run programs if it opened a specially crafted file. |
| oval:org.secpod.oval:def:602002 | Hanno Boeck discovered that file's ELF parser is susceptible to denial of service. |
| oval:org.secpod.oval:def:612647 | A buffer overflow was found in file, a file type classification tool, which may result in denial of service if a specially crafted file is processed. |
| oval:org.secpod.oval:def:94957 | file: Tool to determine file types. file could be made to crash or run programs if it opened a specially crafted file. |
| oval:org.secpod.oval:def:708433 | file: Tool to determine file types. file could be made to crash or run programs if it opened a specially crafted file. |
| oval:org.secpod.oval:def:95200 | A buffer overflow was found in file, a file type classification tool, which may result in denial of service if a specially crafted file is processed. |
| oval:org.secpod.oval:def:704125 | file: Tool to determine file types. Several security issues were fixed in file. |
| oval:org.secpod.oval:def:51058 | file: Tool to determine file types. Several security issues were fixed in file. |