
Test ID: 1.3.6.1.4.1.25623.1.0.871263
Category: Red Hat Local Security Checks
Title: RedHat Update for file RHSA-2014:1606-02
Summary: The remote host is missing an update for the 'file' package(s) announced via the referenced advisory.
Description:

Vulnerability Insight:
The 'file' command is used to identify a particular file according to the
type of data contained in the file. The command can identify various file
types, including ELF binaries, system libraries, RPM packages, and
different graphics formats.

Multiple denial of service flaws were found in the way file parsed certain
Composite Document Format (CDF) files. A remote attacker could use either
of these flaws to crash file, or an application using file, via a specially
crafted CDF file. (CVE-2014-0237, CVE-2014-0238, CVE-2014-3479,
CVE-2014-3480, CVE-2012-1571)

Two denial of service flaws were found in the way file handled indirect and
search rules. A remote attacker could use either of these flaws to cause
file, or an application using file, to crash or consume an excessive amount
of CPU. (CVE-2014-1943, CVE-2014-2270)

This update also fixes the following bugs:

* Previously, the output of the 'file' command contained redundant white
spaces. With this update, the new STRING_TRIM flag has been introduced to
remove the unnecessary white spaces. (BZ#664513)

* Due to a bug, the 'file' command could incorrectly identify an XML
document as a LaTeX document. The underlying source code has been modified
to fix this bug and the command now works as expected. (BZ#849621)

* Previously, the 'file' command could not recognize .JPG files and
incorrectly labeled them as 'Minix filesystem'. This bug has been fixed and
the command now properly detects .JPG files. (BZ#873997)

* Under certain circumstances, the 'file' command incorrectly detected
NETpbm files as 'x86 boot sector'. This update applies a patch to fix this
bug and the command now detects NETpbm files as expected. (BZ#884396)

* Previously, the 'file' command incorrectly identified ASCII text files as
a .PIC image file. With this update, a patch has been provided to address
this bug and the command now correctly recognizes ASCII text files.
(BZ#980941)

* On 32-bit PowerPC systems, the 'from' field was missing from the output
of the 'file' command. The underlying source code has been modified to fix
this bug and 'file' output now contains the 'from' field as expected.
(BZ#1037279)

* The 'file' command incorrectly detected text files as 'RRDTool DB version
ool - Round Robin Database Tool'. This update applies a patch to fix this
bug and the command now correctly detects text files. (BZ#1064463)

* Previously, the 'file' command supported only version 1 and 2 of the QCOW
format. As a consequence, file was unable to detect a 'qcow2 compat ...

Description truncated, please see the referenced URL(s) for more information.

Affected Software/OS:
file on Red Hat Enterprise Linux Desktop (v. 6),
Red Hat Enterprise Linux Server (v. 6),
Red Hat Enterprise Linux Workstation (v. 6)

Solution:
Please install the updated packages.

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2012-1571
Debian Security Information: DSA-2422 (Google Search)
http://www.debian.org/security/2012/dsa-2422
http://www.mandriva.com/security/advisories?name=MDVSA-2012:035
http://mx.gw.com/pipermail/file/2012/000914.html
http://www.ubuntu.com/usn/USN-2123-1
Common Vulnerability Exposure (CVE) ID: CVE-2014-0237
http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html
BugTraq ID: 67759
http://www.securityfocus.com/bid/67759
Debian Security Information: DSA-3021 (Google Search)
http://www.debian.org/security/2014/dsa-3021
RedHat Security Advisories: RHSA-2014:1765
http://rhn.redhat.com/errata/RHSA-2014-1765.html
RedHat Security Advisories: RHSA-2014:1766
http://rhn.redhat.com/errata/RHSA-2014-1766.html
http://secunia.com/advisories/59061
http://secunia.com/advisories/59329
http://secunia.com/advisories/59418
http://secunia.com/advisories/60998
SuSE Security Announcement: SUSE-SU-2014:0869 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2014-07/msg00002.html
Common Vulnerability Exposure (CVE) ID: CVE-2014-0238
BugTraq ID: 67765
http://www.securityfocus.com/bid/67765
Common Vulnerability Exposure (CVE) ID: CVE-2014-1943
Debian Security Information: DSA-2861 (Google Search)
http://www.debian.org/security/2014/dsa-2861
Debian Security Information: DSA-2868 (Google Search)
http://www.debian.org/security/2014/dsa-2868
http://mx.gw.com/pipermail/file/2014/001330.html
http://mx.gw.com/pipermail/file/2014/001334.html
http://mx.gw.com/pipermail/file/2014/001337.html
http://mx.gw.com/pipermail/file/2014/001327.html
SuSE Security Announcement: openSUSE-SU-2014:0364 (Google Search)
http://lists.opensuse.org/opensuse-updates/2014-03/msg00034.html
SuSE Security Announcement: openSUSE-SU-2014:0367 (Google Search)
http://lists.opensuse.org/opensuse-updates/2014-03/msg00037.html
http://www.ubuntu.com/usn/USN-2126-1
Common Vulnerability Exposure (CVE) ID: CVE-2014-2270
Debian Security Information: DSA-2873 (Google Search)
http://www.debian.org/security/2014/dsa-2873
https://security.gentoo.org/glsa/201503-08
http://seclists.org/oss-sec/2014/q1/473
http://seclists.org/oss-sec/2014/q1/504
http://seclists.org/oss-sec/2014/q1/505
SuSE Security Announcement: openSUSE-SU-2014:0435 (Google Search)
http://lists.opensuse.org/opensuse-updates/2014-03/msg00084.html
http://www.ubuntu.com/usn/USN-2162-1
http://www.ubuntu.com/usn/USN-2163-1
Common Vulnerability Exposure (CVE) ID: CVE-2014-3479
BugTraq ID: 68241
http://www.securityfocus.com/bid/68241
Debian Security Information: DSA-2974 (Google Search)
http://www.debian.org/security/2014/dsa-2974
HPdes Security Advisory: HPSBUX03102
http://marc.info/?l=bugtraq&m=141017844705317&w=2
HPdes Security Advisory: SSRT101681
http://mx.gw.com/pipermail/file/2014/001553.html
http://secunia.com/advisories/59794
http://secunia.com/advisories/59831
SuSE Security Announcement: openSUSE-SU-2014:1236 (Google Search)
http://lists.opensuse.org/opensuse-updates/2014-09/msg00046.html
Common Vulnerability Exposure (CVE) ID: CVE-2014-3480
BugTraq ID: 68238
http://www.securityfocus.com/bid/68238
Copyright: Copyright (C) 2014 Greenbone Networks GmbH
