file-5.29-2.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:10221-1 Final 1 1 2024-06-15T00:00:00Z current 2024-06-15T00:00:00Z 2024-06-15T00:00:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z file-5.29-2.1 on GA media These are all security issues fixed in the file-5.29-2.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-10221 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2012-1571/ SUSE CVE CVE-2012-1571 page https://www.suse.com/security/cve/CVE-2014-3710/ SUSE CVE CVE-2014-3710 page https://www.suse.com/security/cve/CVE-2014-8116/ SUSE CVE CVE-2014-8116 page https://www.suse.com/security/cve/CVE-2014-8117/ SUSE CVE CVE-2014-8117 page openSUSE Tumbleweed file-5.29-2.1 file-devel-5.29-2.1 file-devel-32bit-5.29-2.1 file-magic-5.29-2.1 libmagic1-5.29-2.1 libmagic1-32bit-5.29-2.1 file-5.29-2.1 as a component of openSUSE Tumbleweed file-devel-5.29-2.1 as a component of openSUSE Tumbleweed file-devel-32bit-5.29-2.1 as a component of openSUSE Tumbleweed file-magic-5.29-2.1 as a component of openSUSE Tumbleweed libmagic1-5.29-2.1 as a component of openSUSE Tumbleweed libmagic1-32bit-5.29-2.1 as a component of openSUSE Tumbleweed file before 5.11 and libmagic allow remote attackers to cause a denial of service (crash) via a crafted Composite Document File (CDF) file that triggers (1) an out-of-bounds read or (2) an invalid pointer dereference. CVE-2012-1571 openSUSE Tumbleweed:file-5.29-2.1 openSUSE Tumbleweed:file-devel-32bit-5.29-2.1 openSUSE Tumbleweed:file-devel-5.29-2.1 openSUSE Tumbleweed:file-magic-5.29-2.1 openSUSE Tumbleweed:libmagic1-32bit-5.29-2.1 openSUSE Tumbleweed:libmagic1-5.29-2.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2012-1571.html CVE-2012-1571 https://bugzilla.suse.com/753303 SUSE Bug 753303 https://bugzilla.suse.com/883306 SUSE Bug 883306 https://bugzilla.suse.com/884986 SUSE Bug 884986 https://bugzilla.suse.com/987530 SUSE Bug 987530 The donote function in readelf.c in file through 5.20, as used in the Fileinfo component in PHP 5.4.34, does not ensure that sufficient note headers are present, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted ELF file. CVE-2014-3710 openSUSE Tumbleweed:file-5.29-2.1 openSUSE Tumbleweed:file-devel-32bit-5.29-2.1 openSUSE Tumbleweed:file-devel-5.29-2.1 openSUSE Tumbleweed:file-magic-5.29-2.1 openSUSE Tumbleweed:libmagic1-32bit-5.29-2.1 openSUSE Tumbleweed:libmagic1-5.29-2.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-3710.html CVE-2014-3710 https://bugzilla.suse.com/902367 SUSE Bug 902367 https://bugzilla.suse.com/910252 SUSE Bug 910252 The ELF parser (readelf.c) in file before 5.21 allows remote attackers to cause a denial of service (CPU consumption or crash) via a large number of (1) program or (2) section headers or (3) invalid capabilities. CVE-2014-8116 openSUSE Tumbleweed:file-5.29-2.1 openSUSE Tumbleweed:file-devel-32bit-5.29-2.1 openSUSE Tumbleweed:file-devel-5.29-2.1 openSUSE Tumbleweed:file-magic-5.29-2.1 openSUSE Tumbleweed:libmagic1-32bit-5.29-2.1 openSUSE Tumbleweed:libmagic1-5.29-2.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-8116.html CVE-2014-8116 https://bugzilla.suse.com/910252 SUSE Bug 910252 https://bugzilla.suse.com/910253 SUSE Bug 910253 https://bugzilla.suse.com/917152 SUSE Bug 917152 softmagic.c in file before 5.21 does not properly limit recursion, which allows remote attackers to cause a denial of service (CPU consumption or crash) via unspecified vectors. CVE-2014-8117 openSUSE Tumbleweed:file-5.29-2.1 openSUSE Tumbleweed:file-devel-32bit-5.29-2.1 openSUSE Tumbleweed:file-devel-5.29-2.1 openSUSE Tumbleweed:file-magic-5.29-2.1 openSUSE Tumbleweed:libmagic1-32bit-5.29-2.1 openSUSE Tumbleweed:libmagic1-5.29-2.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-8117.html CVE-2014-8117 https://bugzilla.suse.com/910252 SUSE Bug 910252 https://bugzilla.suse.com/910253 SUSE Bug 910253 https://bugzilla.suse.com/917152 SUSE Bug 917152