Lucene search
DebianDEBIAN:DLA-50-1:0FCE5HistorySep 10, 2014 - 3:52 p.m.
[SECURITY] [DLA 50-1] file security update
2014-09-1015:52:03
lists.debian.org
27
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
0.08 Low
EPSS
Percentile
94.2%
Package : file
Version : 5.04-5+squeeze7
CVE ID : CVE-2014-3538 CVE-2014-3587
Debian Bug : -
CVE-2014-3538
file does not properly restrict the amount of data read during
a regex search, which allows remote attackers to cause a
denial of service (CPU consumption).
CVE-2014-3587
Integer overflow in the cdf_read_property_info function in
cdf.c allows remote attackers to cause a denial of service
(application crash).
Note: The other seven issues for wheezy, fixed in 5.11-2+deb7u4
(DSA-3021-1), were already handled in 5.04-5+squeeze6 (DLA 27-1) in
July 2014. Also, as an amendment, as a side effect of the changes
done back then then, the MIME type detection of some files had
improved from "application/octet-stream" to something more specific
like "application/x-dosexec" or "application/x-iso9660-image".
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 7 | armel | php5-imap | < 5.4.4-14+deb7u13 | php5-imap_5.4.4-14+deb7u13_armel.deb |
| Debian | 7 | amd64 | php5-mysql | < 5.4.4-14+deb7u13 | php5-mysql_5.4.4-14+deb7u13_amd64.deb |
| Debian | 7 | sparc | php5-common | < 5.4.4-14+deb7u13 | php5-common_5.4.4-14+deb7u13_sparc.deb |
| Debian | 7 | kfreebsd-amd64 | php5-gd | < 5.4.4-14+deb7u13 | php5-gd_5.4.4-14+deb7u13_kfreebsd-amd64.deb |
| Debian | 7 | mipsel | libmagic1 | < 5.11-2+deb7u4 | libmagic1_5.11-2+deb7u4_mipsel.deb |
| Debian | 7 | s390x | php5-dev | < 5.4.4-14+deb7u13 | php5-dev_5.4.4-14+deb7u13_s390x.deb |
| Debian | 7 | armhf | python-magic | < 5.11-2+deb7u4 | python-magic_5.11-2+deb7u4_armhf.deb |
| Debian | 7 | s390x | libapache2-mod-php5 | < 5.4.4-14+deb7u13 | libapache2-mod-php5_5.4.4-14+deb7u13_s390x.deb |
| Debian | 6 | i386 | php5-gd | < 5.3.3-7+squeeze22 | php5-gd_5.3.3-7+squeeze22_i386.deb |
| Debian | 7 | sparc | php5-mcrypt | < 5.4.4-14+deb7u13 | php5-mcrypt_5.4.4-14+deb7u13_sparc.deb |
Related
osv
osv
file - security update
2014-09-10 00:00:00
php5 - security update
2014-09-30 00:00:00
php5 - security update
2014-08-21 00:00:00
nessus
nessus
Debian DLA-50-1 : file security update
2015-03-26 00:00:00
Ubuntu 14.04 LTS : file vulnerability (USN-2369-1)
2014-10-03 00:00:00
Mandriva Linux Security Advisory : file (MDVSA-2014:167)
2014-09-12 00:00:00
openvas
openvas
Debian: Security Advisory (DLA-50-1)
2023-03-08 00:00:00
Ubuntu: Security Advisory (USN-2369-1)
2014-10-03 00:00:00
Mageia: Security Advisory (MGASA-2014-0354)
2022-01-28 00:00:00
checkpoint_advisories
checkpoint_advisories
PHP Fileinfo cdf_read_property_info Denial of Service (CVE-2014-3587)
2014-10-26 00:00:00
veracode
veracode
Denial Of Service (DoS)
2019-05-02 05:04:19
Denial Of Service (DoS)
2019-01-15 09:11:28
Denial Of Service (DoS)
2019-05-02 05:04:17
securityvulns
securityvulns
[ MDVSA-2014:167 ] file
2014-09-03 00:00:00
[USN-2344-1] PHP vulnerabilities
2014-09-15 00:00:00
file utility memory corruption
2014-09-03 00:00:00
mageia
mageia
Updated file packages fix CVE-2014-3587
2014-08-27 03:04:56
Updated file packages fix security vulnerability
2014-08-06 00:08:48
Updated php packages fix security vulnerabilities
2014-08-08 15:23:49
ubuntu
ubuntu
file vulnerability
2014-10-03 00:00:00
PHP vulnerabilities
2014-09-10 00:00:00
file vulnerabilities
2014-07-15 00:00:00
debian
debian
[SECURITY] [DLA 67-1] php5 security update
2014-09-30 07:41:52
[SECURITY] [DSA 3008-1] php5 security update
2014-08-21 06:22:21
[SECURITY] [DSA 3008-2] php5 regression update
2014-08-21 12:39:59
ibm
ibm
Security Bulletin: Multiple vulnerabilities in file affect IBM Security Network Protection
2018-06-16 21:43:49
Security Bulletin: File vulnerabilities affect IBM SmartClound Entry
2020-07-19 00:49:12
Security Bulletin: Multiple vulnerabilities in file affect PowerKVM
2018-06-18 01:30:43
redhat
redhat
(RHSA-2016:0760) Moderate: file security, bug fix, and enhancement update
2016-05-10 06:42:18
(RHSA-2014:1327) Moderate: php security update
2014-09-30 00:00:00
(RHSA-2015:2155) Moderate: file security and bug fix update
2015-11-19 14:41:30
centos
centos
file, python security update
2016-05-16 10:13:44
php security update
2014-09-30 10:59:18
file, python security update
2015-11-30 19:28:42
prion
prion
Design/Logic Flaw
2014-07-03 14:55:00
Integer overflow
2014-08-23 01:55:00
Design/Logic Flaw
2014-04-08 23:55:00
ubuntucve
ubuntucve
debiancve
debiancve
CVE-2014-3538
2014-07-03 14:55:00
CVE-2014-3587
2014-08-23 01:55:00
slackware
slackware
[slackware-security] php
2014-09-04 22:00:56
cve
cve
kitploit
kitploit
Versionscan - A PHP Version Scanner For Reporting Possible Vulnerabilities
2019-05-21 21:17:00
amazon
amazon
oraclelinux
oraclelinux
file security, bug fix, and enhancement update
2016-05-12 00:00:00
php security update
2014-09-30 00:00:00
file security and bug fix update
2015-11-23 00:00:00
fedora
fedora
[SECURITY] Fedora 20 Update: file-5.19-7.fc20
2014-10-29 11:03:54
[SECURITY] Fedora 20 Update: file-5.19-4.fc20
2014-08-24 02:55:59
[SECURITY] Fedora 20 Update: php-5.5.16-1.fc20
2014-09-02 06:40:37
suse
suse
Security update for php53 (important)
2016-09-16 21:09:09
Security update for php5 (important)
2016-10-04 17:11:09
Security update for php5 (important)
2016-09-28 15:09:48
oracle
oracle
Oracle Critical Patch Update - October 2017
2017-10-17 00:00:00
rosalinux
rosalinux
Advisory ROSA-SA-2021-1950
2021-07-02 17:57:45
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
0.08 Low
EPSS
Percentile
94.2%
Related for DEBIAN:DLA-50-1:0FCE5