Thomas Jarosch of Intra2net AG reported a denial of service issue (resource consumption) in the ELF parser used by file(1). Using file(1) on a specially-crafted ELF binary could lead to a denial of service (resource consumption). Upstream fix: https://github.com/file/file/commit/6f737ddfadb596d7d4a993f7ed2141ffd664a81c Due to some regressions found when testing, the following commits are also required: https://github.com/file/file/commit/8a905717660395b38ec4966493f6f1cf2f33946c https://github.com/file/file/commit/90018fe22ff8b74a22fcd142225b0a00f3f12677 https://github.com/file/file/commit/6bf45271eb8e0e6577b92042ce2003ba998d1686 Refer also to bug 1171580 (CVE-2014-8116). Acknowledgements: Name: Thomas Jarosch (Intra2net AG)
Created file tracking bugs for this issue: Affects: fedora-all [bug 1174608]
file-5.22-2.fc21 has been pushed to the Fedora 21 stable repository. If problems still persist, please make note of it in this bug report.
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2015:2155 https://rhn.redhat.com/errata/RHSA-2015-2155.html
This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Via RHSA-2016:0760 https://rhn.redhat.com/errata/RHSA-2016-0760.html