On 09/01/2015, Christoph Biedl <[email protected]> wrote: > Package : file > Version : 5.04-5+squeeze9 > CVE ID : CVE-2014-8116 CVE-2014-8117 > Debian Bug : 773148 > > Multiple security issues have been found in file, a tool/library to > determine a file type. Processing a malformed file could result in > denial of service. Most of the changes are related to parsing ELF > files. > > As part of the fixes, several limits on aspects of the detection were > added or tightened, sometimes resulting in messages like "recursion > limit exceeded" or "too many program header sections". > > To mitigate such shortcomings, these limits are controllable by a new > "-R"/"--recursion" parameter in the file program. Note: A future > upgrade for file in squeeze-lts might replace this with the "-P" > parameter to keep usage consistent across all distributions. > > > CVE-2014-8116 > > The ELF parser (readelf.c) allows remote attackers to cause a > denial of service (CPU consumption or crash). > > CVE-2014-8117 > > softmagic.c does not properly limit recursion, which allows remote > attackers to cause a denial of service (CPU consumption or crash). > > (no identifier has been assigned so far) > > out-of-bounds memory access > >
II get the following error message; " An error has occured and downloading has been aborted. Error message: Failed to fetch http://http.debian.net/debian/pool/main/f/file/file_5.04-5+squeeze8_i386.deb 404 Not Found [IP: 46.4.205.44 80] Failed to fetch http://http.debian.net/debian/pool/main/f/file/libmagic1_5.04-5+squeeze8_i386.deb 404 Not Found [IP: 64.86.226.67 80] " -- Bret Busby Armadale West Australia .............. "So once you do know what the question actually is, you'll know what the answer means." - Deep Thought, Chapter 28 of Book 1 of "The Hitchhiker's Guide to the Galaxy: A Trilogy In Four Parts", written by Douglas Adams, published by Pan Books, 1992 .................................................... -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: https://lists.debian.org/cacx6j8obptezkua+qouboq1upg8gdkszejdjkk5hhxseacx...@mail.gmail.com
