ELA-182-1 file security update

heap buffer overflow

2019-10-23
Packagefile
Version5.11-2+deb7u11
Related CVE CVE-2019-18218

An issue has been found in file, a tool to determine file types by using magic numbers.

The number of CDF_VECTOR elements had to be restricted in order to prevent a heap-based buffer overflow (4-byte out-of-bounds write).

For Debian 7 Wheezy, these problems have been fixed in version 5.11-2+deb7u11.

We recommend that you upgrade your file packages.

Further information about Extended LTS security advisories can be found at: https://deb.freexian.com/extended-lts/