On 12/01/2015, Bret Busby <[email protected]> wrote:
> On 09/01/2015, Christoph Biedl <[email protected]> wrote:
>> Package : file
>> Version : 5.04-5+squeeze9
>> CVE ID : CVE-2014-8116 CVE-2014-8117
>> Debian Bug : 773148
>>
>> Multiple security issues have been found in file, a tool/library to
>> determine a file type. Processing a malformed file could result in
>> denial of service. Most of the changes are related to parsing ELF
>> files.
>>
>> As part of the fixes, several limits on aspects of the detection were
>> added or tightened, sometimes resulting in messages like "recursion
>> limit exceeded" or "too many program header sections".
>>
>> To mitigate such shortcomings, these limits are controllable by a new
>> "-R"/"--recursion" parameter in the file program. Note: A future
>> upgrade for file in squeeze-lts might replace this with the "-P"
>> parameter to keep usage consistent across all distributions.
>>
>>
>> CVE-2014-8116
>>
>> The ELF parser (readelf.c) allows remote attackers to cause a
>> denial of service (CPU consumption or crash).
>>
>> CVE-2014-8117
>>
>> softmagic.c does not properly limit recursion, which allows remote
>> attackers to cause a denial of service (CPU consumption or crash).
>>
>> (no identifier has been assigned so far)
>>
>> out-of-bounds memory access
>>
>>
>
> I get the following error message;
>
> "
> An error has occured and downloading has been aborted.
>
> Error message:
> Failed to fetch
> http://http.debian.net/debian/pool/main/f/file/file_5.04-5+squeeze8_i386.deb
> 404 Not Found [IP: 46.4.205.44 80]
> Failed to fetch
> http://http.debian.net/debian/pool/main/f/file/libmagic1_5.04-5+squeeze8_i386.deb
> 404 Not Found [IP: 64.86.226.67 80]
>
> "
>
>

Tried again using apt-get update then upgrade, and it worked.

Synaptic is apparently broken, for updating packages.

--
Bret Busby
Armadale
West Australia
..............

"So once you do know what the question actually is,
you'll know what the answer means."
- Deep Thought,
Chapter 28 of Book 1 of
"The Hitchhiker's Guide to the Galaxy:
A Trilogy In Four Parts",
written by Douglas Adams,
published by Pan Books, 1992
....................................................
