drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Denial of Service in file
Name: |
Denial of Service in file |
|
ID: |
201806-08 |
|
Distribution: |
Gentoo |
|
Plattformen: |
Keine Angabe |
|
Datum: |
So, 24. Juni 2018, 00:18 |
|
Referenzen: |
https://nvd.nist.gov/vuln/detail/CVE-2018-10360 |
|
Applikationen: |
file |
|
Originalnachricht |
--nextPart69551925.PiRWNciKhV Content-Transfer-Encoding: 7Bit Content-Type: text/plain; charset="us-ascii"
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201806-08 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal Title: file: Denial of service Date: June 23, 2018 Bugs: #657930 ID: 201806-08
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis ========
A vulnerability in file could lead to a Denial of Service condition.
Background ==========
file is a utility that guesses a file format by scanning binary data for patterns.
Affected packages =================
------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 sys-apps/file < 5.33-r2 >= 5.33-r2
Description ===========
File does not properly utilize the do_core_note function in readelf.c in libmagic.a.
Impact ======
A remote attacker could send a specially crafted ELF file possibly resulting in a Denial of Service condition.
Workaround ==========
There is no known workaround at this time.
Resolution ==========
All file users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=sys-apps/file-5.33-r2"
References ==========
[ 1 ] CVE-2018-10360 https://nvd.nist.gov/vuln/detail/CVE-2018-10360
Availability ============
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/201806-08
Concerns? =========
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License =======
Copyright 2018 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5 --nextPart69551925.PiRWNciKhV Content-Type: application/pgp-signature; name="signature.asc" Content-Description: This is a digitally signed message part. Content-Transfer-Encoding: 7Bit
-----BEGIN PGP SIGNATURE-----
iQEzBAABCAAdFiEEiDRK3jyVBE/RkymqpRQw84X1dt0FAlsuvfMACgkQpRQw84X1 dt0UWQgAo9bGHk1Y3/zGpa3ESl4lhBQfLnI3Fa3yCigUtvX2GqFYbtoSAwmlDH0Q yT7eDfrbojHthm7nSNS9mLPgGz/7J/4VqDyu2bIm4f68OVDkwuhkdD5g4FTsEK8J VuW9YErJjFg/gBywv5Z1rTB5hz4QUHjsiPFnxZlXyacw3LfaaeUl7H9+0Ko4PnDl Ol/lcK92grEAPOSM7El4ugqDkWHEHJlVOL7/a+PGhKUILe2RiNtwlb6fZVXH+6Sm sbKvbtJ5F6yeaDpGHuQle2CIj681x0/OaE4lYIFfO0r2P/J2i265MMINl41c7heG VT1frDcHWvzxFQhk7l1rB8nEAuSkTA== =gNPg -----END PGP SIGNATURE-----
--nextPart69551925.PiRWNciKhV--
|
|
|
|