[El-errata] ELSA-2016-0760 Moderate: Oracle Linux 6 file security, bug fix, and enhancement update

Errata Announcements for Oracle Linux el-errata at oss.oracle.com
Fri May 13 10:49:18 PDT 2016 

Oracle Linux Security Advisory ELSA-2016-0760

http://linux.oracle.com/errata/ELSA-2016-0760.html

The following updated rpms for Oracle Linux 6 have been uploaded to the 
Unbreakable Linux Network:

i386:
file-5.04-30.el6.i686.rpm
file-devel-5.04-30.el6.i686.rpm
file-libs-5.04-30.el6.i686.rpm
file-static-5.04-30.el6.i686.rpm
python-magic-5.04-30.el6.i686.rpm

x86_64:
file-5.04-30.el6.x86_64.rpm
file-devel-5.04-30.el6.i686.rpm
file-devel-5.04-30.el6.x86_64.rpm
file-libs-5.04-30.el6.i686.rpm
file-libs-5.04-30.el6.x86_64.rpm
file-static-5.04-30.el6.x86_64.rpm
python-magic-5.04-30.el6.x86_64.rpm


SRPMS:
http://oss.oracle.com/ol6/SRPMS-updates/file-5.04-30.el6.src.rpm



Description of changes:

[5.04-30]
- fix CVE-2014-3538 (unrestricted regular expression matching)

[5.04-29]
- fix #1284826 - try to read ELF header to detect corrupted one

[5.04-28]
- fix #1263987 - fix bugs found by coverity in the patch

[5.04-27]
- fix CVE-2014-3587 (incomplete fix for CVE-2012-1571)
- fix CVE-2014-3710 (out-of-bounds read in elf note headers)
- fix CVE-2014-8116 (multiple DoS issues (resource consumption))
- fix CVE-2014-8117 (denial of service issue (resource consumption))
- fix CVE-2014-9620 (limit the number of ELF notes processed)
- fix CVE-2014-9653 (malformed elf file causes access to uninitialized 
memory)

[5.04-26]
- fix #809898 - add support for detection of Python 2.7 byte-compiled files

[5.04-25]
- fix #1263987 - fix coredump execfn detection on ppc64 and s390

[5.04-24]
- fix #966953 - include msooxml file in magic.mgc generation

[5.04-23]
- fix #966953 - increate the strength of MSOOXML magic patterns

[5.04-22]
- fix #1169509 - add support for Java 1.7 and 1.8
- fix #1243650 - comment out too-sensitive Pascal magic
- fix #1080453 - remove .orig files from magic directory
- fix #1161058 - add support for EPUB
- fix #1162149 - remove parts of patches patching .orig files
- fix #1154802 - fix detection of zip files containing file named "mime"
- fix #1246073 - fix detection UTF8 and UTF16 encoded XML files
- fix #1263987 - add new "execfn" to coredump output to show the real 
name of
   executable which generated the coredump
- fix #809898 - add support for detection of Python 3.2-3.5 
byte-compiled files
- fix #966953 - backport support for MSOOXML

More information about the El-errata mailing list