[Oraclevm-errata] OVMSA-2016-0050 Moderate: Oracle VM 3.4 file security update
Errata Announcements for Oracle VM
oraclevm-errata at oss.oracle.com
Fri May 13 16:02:50 PDT 2016
Oracle VM Security Advisory OVMSA-2016-0050
The following updated rpms for Oracle VM 3.4 have been uploaded to the
Unbreakable Linux Network:
x86_64:
file-5.04-30.el6.x86_64.rpm
file-libs-5.04-30.el6.x86_64.rpm
SRPMS:
http://oss.oracle.com/oraclevm/server/3.4/SRPMS-updates/file-5.04-30.el6.src.rpm
Description of changes:
[5.04-30]
- fix CVE-2014-3538 (unrestricted regular expression matching)
[5.04-29]
- fix #1284826 - try to read ELF header to detect corrupted one
[5.04-28]
- fix #1263987 - fix bugs found by coverity in the patch
[5.04-27]
- fix CVE-2014-3587 (incomplete fix for CVE-2012-1571)
- fix CVE-2014-3710 (out-of-bounds read in elf note headers)
- fix CVE-2014-8116 (multiple DoS issues (resource consumption))
- fix CVE-2014-8117 (denial of service issue (resource consumption))
- fix CVE-2014-9620 (limit the number of ELF notes processed)
- fix CVE-2014-9653 (malformed elf file causes access to uninitialized
memory)
[5.04-26]
- fix #809898 - add support for detection of Python 2.7 byte-compiled files
[5.04-25]
- fix #1263987 - fix coredump execfn detection on ppc64 and s390
[5.04-24]
- fix #966953 - include msooxml file in magic.mgc generation
[5.04-23]
- fix #966953 - increate the strength of MSOOXML magic patterns
[5.04-22]
- fix #1169509 - add support for Java 1.7 and 1.8
- fix #1243650 - comment out too-sensitive Pascal magic
- fix #1080453 - remove .orig files from magic directory
- fix #1161058 - add support for EPUB
- fix #1162149 - remove parts of patches patching .orig files
- fix #1154802 - fix detection of zip files containing file named mime
- fix #1246073 - fix detection UTF8 and UTF16 encoded XML files
- fix #1263987 - add new execfn to coredump output to show the real name of
executable which generated the coredump
- fix #809898 - add support for detection of Python 3.2-3.5
byte-compiled files
- fix #966953 - backport support for MSOOXML
More information about the Oraclevm-errata
mailing list