- Detalji os-a: FED
- Važnost: IMP
- Operativni sustavi: L
- Kategorije: LFE
——————————————————————————–
Fedora Update Notification
FEDORA-2014-13571
2014-10-27 02:21:35
——————————————————————————–
Name : file
Product : Fedora 20
Version : 5.19
Release : 7.fc20
URL : http://www.darwinsys.com/file/
Summary : A utility for determining file types
Description :
The file command is used to identify a particular file according to the
type of data contained by the file. File can identify many different
file types, including ELF binaries, system libraries, RPM packages, and
different graphics formats.
——————————————————————————–
Update Information:
Security fix for CVE-2014-3710
——————————————————————————–
ChangeLog:
* Thu Oct 23 2014 Jan Kaluza <jkaluza@redhat.com> – 5.19-7
– fix #1155464 – fix for CVE-2014-3710
* Wed Sep 3 2014 Jan Kaluza <jkaluza@redhat.com> – 5.19-6
– fix #1134580 – detect Mach-O universal binary
* Wed Sep 3 2014 Jan Kaluza <jkaluza@redhat.com> – 5.19-5
– fix #1101404 – remove weak Pascal patterns
– fix #1107995 – detect locale-archive
– fix #1130693, #1115111 – fix detection of MSOOXML, OOXML and ZIP
– fix #1124940 – detect Python 3.4 byte-compiled files
* Fri Aug 22 2014 Jan Kaluza <jkaluza@redhat.com> – 5.19-4
– fix #1132787 – CVE-2014-3587
* Sat Aug 16 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> – 5.19-3
– Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
* Sat Jul 12 2014 Tom Callaway <spot@fedoraproject.org> – 5.19-2
– fix license handling
* Wed Jun 25 2014 Jan Kaluza <jkaluza@redhat.com> – 5.19-1
– fix #1011789 – update to version 5.19
* Sat Jun 7 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> – 5.14-22
– Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
* Tue May 27 2014 Kalev Lember <kalevlember@gmail.com> – 5.14-21
– Rebuilt for https://fedoraproject.org/wiki/Changes/Python_3.4
* Tue Mar 25 2014 Jan Kaluza <jkaluza@redhat.com> – 5.14-20
– fix #1079847 – fix potential regression in Perl detection caused
by original patch for CVE-2013-7345
* Mon Mar 24 2014 Jan Kaluza <jkaluza@redhat.com> – 5.14-19
– fix redefinition of OFFSET_OOB in CVE-2014-2270 patch
* Mon Mar 24 2014 Jan Kaluza <jkaluza@redhat.com> – 5.14-18
– fix #1079847 – fix for CVE-2013-7345
– fix #1080450 – remove *.orig files before compiling magic/Magdir
* Fri Mar 7 2014 Jan Kaluza <jkaluza@redhat.com> – 5.14-17
– fix #1073555 – fix for CVE-2014-2270
* Tue Feb 25 2014 Jan Kaluza <jkaluza@redhat.com> – 5.14-16
– fix potential memory leak introduced in previous commit
* Tue Feb 18 2014 Jan Kaluza <jkaluza@redhat.com> – 5.14-15
– fix #1065837 – fix for CVE-2014-1943
* Wed Jan 15 2014 Jan Kaluza <jkaluza@redhat.com> – 5.14-14
– fix #1051598 – reverse the order of shebang vs. package keyword detection
in Perl by increasing strength of all Perl patterns
* Mon Sep 9 2013 Jan Kaluza <jkaluza@redhat.com> – 5.14-13
– fix #1001689 – fix segfault when calling magic_load twice
——————————————————————————–
References:
[ 1 ] Bug #1155071 – CVE-2014-3710 file: out-of-bounds read in elf note headers
https://bugzilla.redhat.com/show_bug.cgi?id=1155071
——————————————————————————–
This update can be installed with the “yum” update program. Use
su -c ‘yum update file’ at the command line.
For more information, refer to “Managing Software with yum”,
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
——————————————————————————–
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-announce
| Autor | Tomislav Protega |
| Cert id | NCERT-REF-2014-10-0018-ADV |
| Cve | CVE-2014-3710 CVE-2014-3587 CVE-2013-7345 CVE-2014-2270 CVE-2014-1943 |
| ID izvornika | FEDORA-2014-13571 |
| Proizvod | file |
| Izvor | http://www.redhat.com |
