ALAS-2014-398


Amazon Linux 1 Security Advisory: ALAS-2014-398
Advisory Release Date: 2014-09-03 14:38 Pacific
Advisory Updated Date: 2014-09-19 11:49 Pacific
Severity: Medium

Issue Overview:

Integer overflow in the cdf_read_property_info function in cdf.c in the file utility through 5.19, as used in the Fileinfo component in PHP before 5.4.32 and 5.5.x before 5.5.16, allows remote attackers to cause a denial of service (application crash) via a crafted CDF file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1571.


Affected Packages:

file


Issue Correction:
Run yum update file to update your system.

New Packages:
i686:
    file-devel-5.19-4.19.amzn1.i686
    file-libs-5.19-4.19.amzn1.i686
    file-static-5.19-4.19.amzn1.i686
    file-debuginfo-5.19-4.19.amzn1.i686
    file-5.19-4.19.amzn1.i686

noarch:
    python-magic-5.19-4.19.amzn1.noarch

src:
    file-5.19-4.19.amzn1.src

x86_64:
    file-devel-5.19-4.19.amzn1.x86_64
    file-5.19-4.19.amzn1.x86_64
    file-static-5.19-4.19.amzn1.x86_64
    file-libs-5.19-4.19.amzn1.x86_64
    file-debuginfo-5.19-4.19.amzn1.x86_64
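
One way to confirm that hosts are at or above the fixed 5.19-4.19.amzn1 build listed above, as an added example that is not part of the original advisory. The version comparison is a simplified form of RPM's segment ordering (it assumes no epoch and no '~' or '^' in the version strings, which holds for the builds listed here), and the sample input is constructed.

```python
import re

# Fixed build and package names come from the advisory's "New Packages" list.
FIXED = ("5.19", "4.19.amzn1")
PACKAGES = {"file", "file-libs", "file-devel", "file-static",
            "file-debuginfo", "python-magic"}

def rpm_vercmp(a, b):
    """Simplified RPM segment comparison: returns -1, 0 or 1."""
    seg_a = re.findall(r"\d+|[A-Za-z]+", a)
    seg_b = re.findall(r"\d+|[A-Za-z]+", b)
    for x, y in zip(seg_a, seg_b):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)   # numeric segments compare as integers
        elif x.isdigit():
            return 1                # numeric segment is newer than alphabetic
        elif y.isdigit():
            return -1
        if x != y:
            return 1 if x > y else -1
    return (len(seg_a) > len(seg_b)) - (len(seg_a) < len(seg_b))

def is_fixed(version, release):
    """True when version-release is at or above the advisory's fixed build."""
    c = rpm_vercmp(version, FIXED[0])
    if c == 0:
        c = rpm_vercmp(release, FIXED[1])
    return c >= 0

def needs_update(rpm_lines):
    """Return (name, version-release, arch) for affected packages below the fix."""
    stale = []
    for line in rpm_lines.strip().splitlines():
        name, version, release, arch = line.split()
        if name in PACKAGES and not is_fixed(version, release):
            stale.append((name, f"{version}-{release}", arch))
    return stale

# Constructed sample of: rpm -qa --qf '%{NAME} %{VERSION} %{RELEASE} %{ARCH}\n'
SAMPLE = """\
file 5.19 4.19.amzn1 x86_64
file-libs 5.19 4.18.amzn1 x86_64
python-magic 5.11 2.amzn1 noarch
file-devel 5.22 1.amzn1 x86_64
bash 4.1.2 15.amzn1 x86_64
"""

if __name__ == "__main__":
    for name, evr, arch in needs_update(SAMPLE):
        print(f"{name}-{evr}.{arch} is older than {'-'.join(FIXED)}")
```

A mismatch between file and file-libs matters because the CDF parser lives in the library; check every package in the list, not only the file binary.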