Bug#: 174217
Status: RESOLVED
Resolution: FIXED
Assigned To: Gentoo Security <security@gentoo.org>
Hardware:
OS:
Version:
Priority:
Severity:
Reporter: Matt Drew <aetius@gentoo.org>

Description:   Opened: 2007-04-11 21:16 0000
file-4.20 has a problem with current glibc (I'm on 2.5) handling of a
particular regular expression that identifies OS/2 REXX files.  

This came up in the above URL as a potential Denial of Service for anything
that uses file to identify files, or includes file code.  I've verified the
behavior as a DoS (checking the sample file takes file on the order of 30
minutes).

vapier has already patched this in 4.20-r1, we just need to stabilize it and
remove 4.20.  

The issue is not present in file-4.19 (also tested and verified), and is
probably not present in lower versions either.

------- Comment #1 From Matt Drew 2007-04-11 21:18:24 0000 -------
setting status, arches please stabilize sys-apps/file-4.20-r1, thanks!

------- Comment #2 From Christoph Mende 2007-04-11 21:28:45 0000 -------
Seems like it's already stable:
angelos@odin ~ % grep KEYWORDS /usr/portage/sys-apps/file/file-4.20-r1.ebuild
16:KEYWORDS="alpha amd64 arm hppa ia64 m68k mips ppc ppc64 s390 sh sparc ~sparc-fbsd x86 ~x86-fbsd"

------- Comment #3 From Jeroen Roovers 2007-04-11 21:35:30 0000 -------
Nothing to do. :)

------- Comment #4 From Matt Drew 2007-04-11 21:46:48 0000 -------
yes, I am an idiot. Moving to glsa status.

------- Comment #5 From Raphael Marichez 2007-04-17 22:36:05 0000 -------
GLSA 200704-13, thanks everybody!

------- Comment #6 From Sune Kloppenborg Jeppesen 2007-06-07 11:41:22 0000 -------
*** Bug 181099 has been marked as a duplicate of this bug. ***

------- Comment #7 From Sune Kloppenborg Jeppesen 2007-06-07 11:45:48 0000 -------
*** Bug 181179 has been marked as a duplicate of this bug. ***

------- Comment #8 From Sune Kloppenborg Jeppesen 2007-06-07 12:35:38 0000 -------
Reopening since it seems like it was not properly fixed in 4.21 which is now
stable on some arches.

http://marc.info/?l=amavis-user&m=118107086309360&w=2

Vapier please patch.

------- Comment #9 From Raphael Marichez 2007-06-07 22:13:48 0000 -------
(In reply to comment #8)
> Reopening since it seems like it was not properly fixed in 4.21 which is now
> stable on some arches.
> 
> http://marc.info/?l=amavis-user&m=118107086309360&w=2
> 

I think it is already fixed. "update to file 4.21 or newer"

CVE-2007-2799/GLSA-200705-25 fixes a buffer overflow introduced by the
incorrect fix of CVE-2007-1536/GLSA-200703-26.

CVE-2007-2026/GLSA-200704-13 is the regexp DoS issue.

All these issues are fixed in file-4.21.

Let me reclose this bug, feel free to reopen if you disagree.

------- Comment #10 From Sune Kloppenborg Jeppesen 2007-06-08 06:13:15 0000 -------
Here we go again :) See under "4. Additional information":

An unrelated CVE-2007-2026 DoS vulnerability of a file(1) utility
linked with a POSIX regex(3) library on Linux systems (but not *BSD
systems) is still unresolved in file-4.21, because the offending
two lines in a file 'magic' were not removed by mistake, even though
their correct replacements were added.

------- Comment #11 From Raphael Marichez 2007-06-09 21:45:20 0000 -------
You're right... I've checked the source, indeed... (lol) Back to [ebuild]
status then. The following lines should probably be removed from the msdos
magic file, but I have not seen any confirmation.

100 regex/c =^\\s*call\\s+rxfuncadd.*sysloadfu OS/2 REXX batch file text
100 regex/c =^\\s*say\ ['"] OS/2 REXX batch file text
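
The two lines above are the value fields file(1) hands to regcomp(3) after magic-file escape processing, which is why the thread keeps returning to them and why comment #10 notes that the behaviour depends on the regex(3) library file is linked against. The C harness below is an added example, not code from this bug or from the file project. It assumes that file's softmagic compiles regex magic with REG_EXTENDED|REG_NEWLINE (plus REG_ICASE for the /c modifier) and that its getstr() turns "\\" into "\" and "\ " into a space, so the "\\s" in the magic file reaches the GNU regex engine as its "\s" extension (a pattern a non-GNU regex(3) may reject or read differently). It measures the CPU time of a single regexec() per rule and reports whether each rule stays within a budget, which is the kind of check an arch tester does before marking a version stable (comment #17, item 3). The sample buffers are constructed here and are not the file referenced in the bug; they do not reproduce the slow case, they only show where such a sample would be fed in.

```c
/* rexx_magic_probe.c: run file(1)-style regex magic with a CPU-time budget.
 * Added example; assumptions about file's softmagic/getstr() are noted inline. */
#include <regex.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <time.h>

/* Turn the value field of a magic line into the string regcomp() sees.
 * Assumed getstr() rules: "\\" -> "\", "\ " -> " ", "\n"/"\t" as in C,
 * any other "\X" -> "X". A leading '=' is the comparison operator. */
static void magic_unescape(const char *magic, char *out, size_t outlen)
{
    size_t n = 0;

    if (*magic == '=')
        magic++;
    while (*magic != '\0' && n + 1 < outlen) {
        char c = *magic++;
        if (c == '\\' && *magic != '\0') {
            c = *magic++;
            if (c == 'n')
                c = '\n';
            else if (c == 't')
                c = '\t';
            /* '\\' -> '\', '\ ' -> ' ', other escapes keep the character */
        }
        out[n++] = c;
    }
    out[n] = '\0';
}

/* Outcome of running one magic regex over a buffer. */
struct probe {
    int matched;    /* 1 = matched, 0 = no match, -1 = regcomp() rejected it */
    double seconds; /* CPU time spent inside regexec() */
};

/* Compile as file(1) is assumed to for "regex" magic (REG_EXTENDED|REG_NEWLINE,
 * plus REG_ICASE for /c) and time one regexec() over the NUL-terminated buf. */
static struct probe probe_magic_regex(const char *magic, int icase, const char *buf)
{
    struct probe r = { -1, 0.0 };
    char pat[512];
    regex_t rx;
    clock_t c0;
    int cflags = REG_EXTENDED | REG_NEWLINE | (icase ? REG_ICASE : 0);

    magic_unescape(magic, pat, sizeof pat);
    if (regcomp(&rx, pat, cflags) != 0)
        return r;               /* e.g. a regex(3) without GNU "\s" support */
    c0 = clock();
    r.matched = (regexec(&rx, buf, 0, NULL, 0) == 0);
    r.seconds = (double)(clock() - c0) / CLOCKS_PER_SEC;
    regfree(&rx);
    return r;
}

/* The two OS/2 REXX lines quoted in comment #11, as written in the magic file
 * (C string syntax doubles each backslash); both carry the /c modifier. */
static const char *const REXX_MAGIC[2] = {
    "=^\\\\s*call\\\\s+rxfuncadd.*sysloadfu",
    "=^\\\\s*say\\ ['\"]",
};

/* Stabilisation-style check: 1 if both rules compile and each finishes within
 * budget_s CPU seconds on buf, 0 otherwise. A real sample from the bug would be
 * read into buf here; the buffers in main() are constructed and harmless. */
static int rexx_rules_within_budget(const char *buf, double budget_s)
{
    size_t i;

    for (i = 0; i < 2; i++) {
        struct probe p = probe_magic_regex(REXX_MAGIC[i], 1, buf);
        if (p.matched < 0 || p.seconds > budget_s)
            return 0;
    }
    return 1;
}

int main(void)
{
    /* Constructed samples: a REXX-looking script and a plain shell script. */
    static const char rexx[] =
        "/* constructed sample */\n"
        "  Call RxFuncAdd 'SysLoadFuncs', 'RexxUtil', 'SysLoadFuncs'\n"
        "  say 'hello'\n";
    static const char shell[] = "#!/bin/sh\necho hello\nsay nothing\n";
    size_t i;

    for (i = 0; i < 2; i++) {
        struct probe a = probe_magic_regex(REXX_MAGIC[i], 1, rexx);
        struct probe b = probe_magic_regex(REXX_MAGIC[i], 1, shell);
        printf("rule %zu: rexx=%d (%.6fs) shell=%d (%.6fs)\n",
               i + 1, a.matched, a.seconds, b.matched, b.seconds);
    }
    printf("within 5s budget: %d\n", rexx_rules_within_budget(rexx, 5.0));
    return 0;
}
```

Build with plain cc on a glibc system; on a libc whose regex(3) lacks the GNU "\s" operator, probe_magic_regex() returns matched = -1 and the budget check fails closed rather than silently matching the wrong thing. To test a candidate fix, replace the REXX_MAGIC entries with the proposed replacement lines and rerun against the sample.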

------- Comment #12 From Jakub Moc 2007-06-13 20:40:58 0000 -------
*** Bug 181946 has been marked as a duplicate of this bug. ***

------- Comment #13 From Matt Drew 2007-07-02 18:48:03 0000 -------
any word on this?  The source hasn't been updated since May 24th - we could
just remove the lines ourselves?

------- Comment #14 From SpanKY 2007-07-11 05:50:42 0000 -------
added 4.21-r1 with patch to remove second regex

------- Comment #15 From Pierre-Yves Rofes 2007-07-14 22:19:50 0000 -------
and here we go again :)
arches, please test and mark stable. Target keywords are:
file-4.21-r1.ebuild:KEYWORDS="alpha amd64 arm hppa ia64 m68k mips ppc ppc64 s390 sh sparc ~sparc-fbsd x86 ~x86-fbsd"

------- Comment #16 From Joshua Kinard 2007-07-15 08:36:50 0000 -------
mips stable.

------- Comment #17 From Jonas Pedersen 2007-07-15 09:22:53 0000 -------
sys-apps/file-4.21-r1  USE="python"

1. Emerges on AMD64. 
2. No collisions etc. 
3. Old version is vulnerable to the file mentioned in URL while 4.21-r1 isn't. 

I know it has not been in the tree for 30 days, but this is security so
please mark stable.


Portage 2.1.2.9 (default-linux/amd64/2006.1/desktop, gcc-4.1.2, glibc-2.5-r3,
2.6.20-gentoo-r8 x86_64)
=================================================================
System uname: 2.6.20-gentoo-r8 x86_64 Intel(R) Core(TM)2 CPU 6600 @ 2.40GHz
Gentoo Base System release 1.12.9
Timestamp of tree: Wed, 11 Jul 2007 21:50:01 +0000
distcc 2.18.3 x86_64-pc-linux-gnu (protocols 1 and 2) (default port 3632)
[enabled]
ccache version 2.4 [enabled]
dev-java/java-config: 1.3.7, 2.0.33-r1
dev-lang/python:     2.4.4-r4
dev-python/pycrypto: 2.0.1-r5
dev-util/ccache:     2.4-r7
sys-apps/sandbox:    1.2.17
sys-devel/autoconf:  2.13, 2.61
sys-devel/automake:  1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2, 1.10
sys-devel/binutils:  2.17
sys-devel/gcc-config: 1.3.16
sys-devel/libtool:   1.5.23b
virtual/os-headers:  2.6.17-r2
ACCEPT_KEYWORDS="amd64"
AUTOCLEAN="yes"
CBUILD="x86_64-pc-linux-gnu"
CFLAGS="-march=nocona -O3 -msse3 -pipe -fomit-frame-pointer"
CHOST="x86_64-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/kde/3.5/env /usr/kde/3.5/share/config
/usr/kde/3.5/shutdown /usr/share/X11/xkb /usr/share/config"
CONFIG_PROTECT_MASK="/etc/env.d /etc/env.d/java/ /etc/gconf /etc/revdep-rebuild
/etc/splash /etc/terminfo"
CXXFLAGS="-march=nocona -O3 -msse3 -pipe -fomit-frame-pointer"
DISTDIR="/usr/portage/distfiles"
FEATURES="ccache collision-protect distcc distlocks metadata-transfer
multilib-strict sandbox sfperms strict test"
GENTOO_MIRRORS="http://ftp.belnet.be/mirror/rsync.gentoo.org/gentoo/
http://ftp.du.se/pub/os/gentoo http://trumpetti.atm.tut.fi/gentoo/
http://ftp.snt.utwente.nl/pub/os/linux/gentoo
http://ds.thn.htu.se/linux/gentoo"
LC_ALL="en_DK.utf8"
MAKEOPTS="-j6"
PKGDIR="/usr/portage/packages"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress
--force --whole-file --delete --delete-after --stats --timeout=180
--exclude=/distfiles --exclude=/local --exclude=/packages
--filter=H_**/files/digest-*"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/local/portage"
SYNC="rsync://rsync.europe.gentoo.org/gentoo-portage"
USE="X a52 aac acpi aiglx alsa amd64 arts atk berkdb bitmap-fonts cairo cdr cli
cracklib crypt cups dbus dga directfb dri dts dvd dvdr dvdread eds emboss
encode fam fbcn ffmpeg firefox fortran ftp gd gdbm gif gphoto2 gpm gstreamer
gtk gtk2 hal iconv icq ieee1394 ipv6 isdnlog java jpeg kde libg++ lm_sensors
mad midi mikmod mjpeg mozilla mp3 mpeg mplayer msn mudflap ncurses nls nptl
nptlonly ogg oggvorbis opengl openmp pam pcre pda pdf perl png ppds pppd python
qt qt3 qt4 quicktime readline reflection samba sdl session spell spl sse3 ssl
tcpd test threads tiff truetype truetype-fonts type1-fonts unicode vorbis
xcomposite xml xorg xscreensaver xv xvid zlib" ALSA_CARDS="ali5451 als4000
atiixp atiixp-modem bt87x ca0106 cmipci emu10k1x ens1370 ens1371 es1938 es1968
fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx
via82xx-modem ymfpci" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop
empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mulaw multi
null plug rate route share shm softvol" ELIBC="glibc" INPUT_DEVICES="keyboard
mouse" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216
lcdm001 mtxorb ncurses text" USERLAND="GNU" VIDEO_CARDS="radeon"
Unset:  CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LANG, LDFLAGS, LINGUAS,
PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS

------- Comment #18 From Raúl Porcel 2007-07-15 12:07:35 0000 -------
alpha/ia64/x86 stable

------- Comment #19 From Steve Dibb 2007-07-15 16:13:05 0000 -------
amd64 stable

------- Comment #20 From Tobias Scherbaum 2007-07-15 21:06:10 0000 -------
ppc stable

------- Comment #21 From Jeroen Roovers 2007-07-16 05:40:15 0000 -------
Stable for HPPA.

------- Comment #22 From Gustavo Zacarias (RETIRED) 2007-07-16 12:16:30 0000 -------
sparc stable.

------- Comment #23 From Markus Rothe 2007-07-16 18:52:49 0000 -------
=sys-apps/file-4.21-r1 stable on ppc64

------- Comment #24 From Sune Kloppenborg Jeppesen 2007-07-16 19:26:08 0000 -------
Ready for GLSA Update of GLSA 200704-13

------- Comment #25 From Pierre-Yves Rofes 2007-09-17 18:06:53 0000 -------
glsa 200704-13 finally updated, sorry for the delay.
