Lucene search

K
debianDebianDEBIAN:DLA-204-1:A06D6
HistoryApr 19, 2015 - 1:06 p.m.

[SECURITY] [DLA 204-1] file security update

2015-04-1913:06:12
lists.debian.org
22

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

6.7

Confidence

High

EPSS

0.061

Percentile

93.7%

Package : file
Version : 5.04-5+squeeze10
CVE ID : CVE-2014-9653
Debian Bug : 777585

This update fixes the following issue in the file package:

CVE-2014-9653

readelf.c does not consider that pread calls sometimes read only
a subset of the available data, which allows remote attackers to
cause a denial of service (uninitialized memory access) or
possibly have unspecified other impact via a crafted ELF file.

Attachment:
signature.asc
Description: Digital signature

OSVersionArchitecturePackageVersionFilename
Debian7allfile< 5.11-2+deb7u8file_5.11-2+deb7u8_all.deb
Debian6allfile< 5.04-5+squeeze10file_5.04-5+squeeze10_all.deb

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

6.7

Confidence

High

EPSS

0.061

Percentile

93.7%