Lucene search
AmazonALAS-2014-453HistoryNov 22, 2014 - 2:34 p.m.
Medium: file
2014-11-2214:34:00
alas.aws.amazon.com
12
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.044 Low
EPSS
Percentile
92.3%
Issue Overview:
An out-of-bounds read flaw was found in the way the File Information (fileinfo) extension parsed Executable and Linkable Format (ELF) files. A remote attacker could use this flaw to crash a PHP application using fileinfo via a specially crafted ELF file.
Affected Packages:
file
Issue Correction:
Run yum update file to update your system.
New Packages:
i686:
file-debuginfo-5.19-7.24.amzn1.i686
file-5.19-7.24.amzn1.i686
file-static-5.19-7.24.amzn1.i686
file-libs-5.19-7.24.amzn1.i686
file-devel-5.19-7.24.amzn1.i686
noarch:
python-magic-5.19-7.24.amzn1.noarch
src:
file-5.19-7.24.amzn1.src
x86_64:
file-debuginfo-5.19-7.24.amzn1.x86_64
file-devel-5.19-7.24.amzn1.x86_64
file-static-5.19-7.24.amzn1.x86_64
file-libs-5.19-7.24.amzn1.x86_64
file-5.19-7.24.amzn1.x86_64
Additional References
Red Hat: CVE-2014-3710
Mitre: CVE-2014-3710
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Amazon Linux | 1 | i686 | file-debuginfo | < 5.19-7.24.amzn1 | file-debuginfo-5.19-7.24.amzn1.i686.rpm |
| Amazon Linux | 1 | i686 | file | < 5.19-7.24.amzn1 | file-5.19-7.24.amzn1.i686.rpm |
| Amazon Linux | 1 | i686 | file-static | < 5.19-7.24.amzn1 | file-static-5.19-7.24.amzn1.i686.rpm |
| Amazon Linux | 1 | i686 | file-libs | < 5.19-7.24.amzn1 | file-libs-5.19-7.24.amzn1.i686.rpm |
| Amazon Linux | 1 | i686 | file-devel | < 5.19-7.24.amzn1 | file-devel-5.19-7.24.amzn1.i686.rpm |
| Amazon Linux | 1 | noarch | python-magic | < 5.19-7.24.amzn1 | python-magic-5.19-7.24.amzn1.noarch.rpm |
| Amazon Linux | 1 | x86_64 | file-debuginfo | < 5.19-7.24.amzn1 | file-debuginfo-5.19-7.24.amzn1.x86_64.rpm |
| Amazon Linux | 1 | x86_64 | file-devel | < 5.19-7.24.amzn1 | file-devel-5.19-7.24.amzn1.x86_64.rpm |
| Amazon Linux | 1 | x86_64 | file-static | < 5.19-7.24.amzn1 | file-static-5.19-7.24.amzn1.x86_64.rpm |
| Amazon Linux | 1 | x86_64 | file-libs | < 5.19-7.24.amzn1 | file-libs-5.19-7.24.amzn1.x86_64.rpm |
Related
prion
prion
Out-of-bounds
2014-11-05 11:55:00
nessus
nessus
Debian DLA-86-1 : file security update
2015-03-26 00:00:00
Fedora 21 : file-5.19-7.fc21 (2014-13535)
2014-11-11 00:00:00
PHP 5.6.x < 5.6.3 'donote' DoS
2014-11-14 00:00:00
ubuntucve
ubuntucve
CVE-2014-3710
2014-10-24 00:00:00
debian
debian
[SECURITY] [DLA 86-1] file security update
2014-11-12 16:17:29
[SECURITY] [DSA 3074-1] php5 security update
2014-11-18 21:10:45
[SECURITY] [DSA 3072-1] file security update
2014-11-12 09:19:45
openvas
openvas
Amazon Linux: Security Advisory (ALAS-2014-450)
2015-09-08 00:00:00
Debian Security Advisory DSA 3072-1 (file - security update)
2014-11-11 00:00:00
Debian: Security Advisory (DSA-3072-1)
2014-11-10 00:00:00
fedora
fedora
[SECURITY] Fedora 21 Update: file-5.19-7.fc21
2014-11-10 06:44:48
[SECURITY] Fedora 20 Update: file-5.19-7.fc20
2014-10-29 11:03:54
f5
f5
K15898 : PHP vulnerability CVE-2014-3710
2014-12-08 00:00:00
SOL15898 - PHP vulnerability CVE-2014-3710
2014-12-08 00:00:00
mageia
mageia
Updated php packages fix security vulnerability
2014-11-12 12:56:47
Updated [package] package fix CVE-2014-3710
2014-10-31 18:53:38
debiancve
debiancve
CVE-2014-3710
2014-11-05 11:55:00
amazon
amazon
Medium: php54
2014-11-22 13:58:00
Medium: php55
2014-11-22 13:58:00
veracode
veracode
Denial Of Service (DoS)
2019-05-02 05:04:21
Denial Of Service (DoS)
2019-05-02 05:04:17
Denial Of Service (DoS)
2019-05-02 05:04:17
osv
osv
php5 - security update
2014-11-18 00:00:00
file - security update
2014-11-11 00:00:00
php5 - security update
2014-11-25 00:00:00
cve
cve
CVE-2014-3710
2014-11-05 11:55:00
archlinux
archlinux
file: denial of service through out-of-bounds read
2014-11-12 00:00:00
php: denial of service
2014-11-13 00:00:00
securityvulns
securityvulns
[slackware-security] php (SSA:2014-356-02)
2014-12-23 00:00:00
PHP/fileinfo/file DoS
2014-06-14 00:00:00
FreeBSD Security Advisory FreeBSD-SA-14:28.file
2014-12-10 00:00:00
slackware
slackware
[slackware-security] php
2014-12-23 05:38:55
ubuntu
ubuntu
file vulnerabilities
2015-02-04 00:00:00
php5 vulnerabilities
2014-10-30 00:00:00
freebsd
freebsd
file -- multiple vulnerabilities
2014-12-16 00:00:00
freebsd_advisory
freebsd_advisory
FreeBSD-SA-14:28.file
2014-12-10 00:00:00
redhat
redhat
(RHSA-2014:1767) Important: php security update
2014-10-30 00:00:00
(RHSA-2014:1768) Important: php53 security update
2014-10-30 00:00:00
(RHSA-2016:0760) Moderate: file security, bug fix, and enhancement update
2016-05-10 06:42:18
oraclelinux
oraclelinux
php security update
2014-10-30 00:00:00
php53 security update
2014-10-30 00:00:00
file security, bug fix, and enhancement update
2016-05-12 00:00:00
centos
centos
php53 security update
2014-10-31 14:37:09
php security update
2014-10-31 13:14:51
file, python security update
2016-05-16 10:13:44
gentoo
gentoo
file: Multiple vulnerabilities
2017-01-17 00:00:00
PHP: Multiple vulnerabilities
2015-03-08 00:00:00
ibm
ibm
Security Bulletin: Multiple vulnerabilities in file affect IBM Security Network Protection
2018-06-16 21:43:49
Security Bulletin: File vulnerabilities affect IBM SmartClound Entry
2020-07-19 00:49:12
Security Bulletin: Multiple vulnerabilities in file affect PowerKVM
2018-06-18 01:30:43
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.044 Low
EPSS
Percentile
92.3%
Related for ALAS-2014-453