This file contains ambiguous Unicode characters that may be confused with others in your current locale. If your use case is intentional and legitimate, you can safely ignore this warning. Use the Escape button to highlight these characters.
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsaid="201503-08">
<title>file: Denial of service</title>
<synopsis>Vulnerabilities in file could allow a context-dependent attack to
create a Denial of Service condition.
</synopsis>
<producttype="ebuild">file,Dos</product>
<announced>2015-03-16</announced>
<revisedcount="1">2015-03-16</revised>
<bug>503582</bug>
<bug>532768</bug>
<access>local, remote</access>
<affected>
<packagename="sys-apps/file"auto="yes"arch="*">
<unaffectedrange="ge">5.22</unaffected>
<vulnerablerange="lt">5.22</vulnerable>
</package>
</affected>
<background>
<p>The file utility attempts to identify a file’s format by scanning
binary data for patterns.
</p>
</background>
<description>
<p>Multiple issues with the ELF parser used by the file utility have been
detected and fixed.
</p>
</description>
<impacttype="normal">
<p>A context-dependent attacker can cause Denial of Service.</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All file users should upgrade to the latest version:</p>