[El-errata] ELSA-2015-2155 Moderate: Oracle Linux 7 file security and bug fix update

Errata Announcements for Oracle Linux el-errata at oss.oracle.com
Mon Nov 23 18:58:17 PST 2015


Oracle Linux Security Advisory ELSA-2015-2155

http://linux.oracle.com/errata/ELSA-2015-2155.html

The following updated rpms for Oracle Linux 7 have been uploaded to the 
Unbreakable Linux Network:

x86_64:
file-5.11-31.el7.x86_64.rpm
file-devel-5.11-31.el7.i686.rpm
file-devel-5.11-31.el7.x86_64.rpm
file-libs-5.11-31.el7.i686.rpm
file-libs-5.11-31.el7.x86_64.rpm
file-static-5.11-31.el7.i686.rpm
file-static-5.11-31.el7.x86_64.rpm
python-magic-5.11-31.el7.noarch.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/file-5.11-31.el7.src.rpm



Description of changes:

[5.11-31]
- fix #1255396 - Make the build ID output consistent with other tools

[5.11-30]
- fix CVE-2014-8116 - bump the acceptable ELF program headers count to 2048

[5.11-29]
- fix #839229 - fix detection of version of XML files

[5.11-28]
- fix #839229 - fix detection of version of XML files

[5.11-27]
- fix CVE-2014-0207 - cdf_read_short_sector insufficient boundary check
- fix CVE-2014-0237 - cdf_unpack_summary_info() excessive looping DoS
- fix CVE-2014-0238 - CDF property info parsing nelements infinite loop
- fix CVE-2014-3478 - mconvert incorrect handling of truncated pascal string
- fix CVE-2014-3479 - fix extensive backtracking in regular expression
- fix CVE-2014-3480 - cdf_count_chain insufficient boundary check
- fix CVE-2014-3487 - cdf_read_property_info insufficient boundary check
- fix CVE-2014-3538 - unrestricted regular expression matching
- fix CVE-2014-3587 - fix cdf_read_property_info
- fix CVE-2014-3710 - out-of-bounds read in elf note headers
- fix CVE-2014-8116 - multiple denial of service issues (resource 
consumption)
- fix CVE-2014-8117 - denial of service issue (resource consumption)
- fix CVE-2014-9652 - out of bounds read in mconvert()
- fix CVE-2014-9653 - malformed elf file causes access to uninitialized 
memory

[5.11-26]
- fix #1080452 - remove .orig files from magic directory

[5.11-25]
- fix #1224667, #1224668 - show additional info for Linux swap files

[5.11-24]
- fix #1064268 - fix stray return -1

[5.11-23]
- fix #1094648 - improve Minix detection pattern to fix false positives
- fix #1161912 - trim white-spaces during ISO9660 detection
- fix #1157850 - fix detection of ppc64le ELF binaries
- fix #1161911 - display "from" field on 32bit ppc core
- fix #1064167 - revert MAXMIME patch
- fix #1064268 - detect Dwarf debuginfo as "not stripped"
- fix #1082689 - fix invalid read when matched pattern is the last one tried
- fix #1080362 - remove deadcode and OFFSET_OOB redefinition

[5.11-22]
- fix #1067688 - add support for aarch64 ELF binaries





More information about the El-errata mailing list