file before 5.19 does not properly restrict the amount of data read during a regex search, which allows remote attackers to cause a denial of service (CPU consumption) via a crafted file that triggers backtracking during processing of an awk rule, due to an incomplete fix for CVE-2013-7345 (CVE-2014-3538). The Mageia 3 update also fixes a possible crash in softmagic.c due to an improperly rediffed patch for a memory leak in a previous update (mga#13701).
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Mageia | 3 | noarch | file | < 5.12-8.6 | file-5.12-8.6.mga3 |
Mageia | 4 | noarch | file | < 5.16-1.5 | file-5.16-1.5.mga4 |