The ELF parser in file 5.16 through 5.21 allows remote attackers to cause a denial of service via a long string.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| File | File_project | 5.16 (including) | 5.16 (including) |
| File | File_project | 5.17 (including) | 5.17 (including) |
| File | File_project | 5.18 (including) | 5.18 (including) |
| File | File_project | 5.19 (including) | 5.19 (including) |
| File | File_project | 5.20 (including) | 5.20 (including) |
| File | File_project | 5.21 (including) | 5.21 (including) |
| File | Ubuntu | esm-infra-legacy/trusty | * |
| File | Ubuntu | lucid | * |
| File | Ubuntu | precise | * |
| File | Ubuntu | precise/esm | * |
| File | Ubuntu | trusty | * |
| File | Ubuntu | trusty/esm | * |
| File | Ubuntu | upstream | * |
| File | Ubuntu | utopic | * |
| File | Ubuntu | vivid | * |
| File | Ubuntu | vivid/stable-phone-overlay | * |
References
- http://advisories.mageia.org/MGASA-2015-0040.html
- http://mx.gw.com/pipermail/file/2014/001654.html
- http://mx.gw.com/pipermail/file/2015/001660.html
- http://www.openwall.com/lists/oss-security/2015/01/17/9
- https://github.com/file/file/commit/65437cee25199dbd385fb35901bc0011e164276c
- https://security.gentoo.org/glsa/201503-08
- https://usn.ubuntu.com/3686-1/
- http://advisories.mageia.org/MGASA-2015-0040.html
- http://mx.gw.com/pipermail/file/2014/001654.html
- http://mx.gw.com/pipermail/file/2015/001660.html
- http://www.openwall.com/lists/oss-security/2015/01/17/9
- https://github.com/file/file/commit/65437cee25199dbd385fb35901bc0011e164276c
- https://security.gentoo.org/glsa/201503-08
- https://usn.ubuntu.com/3686-1/