** EMBARGOED CONFIDENTIAL 2017-09-05 ** first affected version is file 5.29, released on 2016-10-25. It is fixed in 5.32 ## Tentative CVE description [PRODUCT]: file [VERSION]: file() after commit 9611f31313a93aa036389c5f3b15eea53510d4d1 (Oct 2016) Can you provide an acuall release #? [PROBLEMTYPE]: CWE-121 [REFERENCES]: https://github.com/file/file/commit/35c94dc6acc418f1ad7f6241a6680e5327495793 https://github.com/file/file/commit/9611f31313a93aa036389c5f3b15eea53510d4d1 [DESCRIPTION]: An issue in file() was introduced in commit 9611f31313a93aa036389c5f3b15eea53510d4d1 (Oct 2016) lets an attacker overwrite a fixed 20 bytes stack buffer with a specially crafted .notes section in an ELF binary. There are systems like amavisd-new that automatically run file(1) on every email attachment, so let's hope people compile with -fstack-protector in place and it holds. This was fixed in commit 35c94dc6acc418f1ad7f6241a6680e5327495793 (Aug 2017).
Public in http://www.openwall.com/lists/oss-security/2017/09/05/3
*** Bug 630732 has been marked as a duplicate of this bug. ***
Maintainer(s), please advise if you are ready for stabilization or call for stabilization yourself.
@maintainer: ping for stabilization decision
<base-system hat> @ Arches, please test and mark stable: =sys-apps/file-5.32 </base-system hat>
x86 stable
ia64 stable
hppa stable
ppc64 stable
ppc stable
Stable on alpha.
amd64 stable
arm stable, tested by Yury German
all arches done.
Thank you all, @Maintainers please proceed to remove vulnerable versions. Gentoo Security Padawan ChrisADR
Old vulnerable ebuilds dropped.
This issue was resolved and addressed in GLSA 201710-02 at https://security.gentoo.org/glsa/201710-02 by GLSA coordinator Aaron Bauman (b-man).