Incoming details
cdf_read_property_info in cdf.c in file through 5.37 does not restrict the number of CDF_VECTOR elements, which allows a heap-based buffer overflow (4-byte out-of-bounds write). Upstream patch: https://github.com/file/file/commit/46a8443f76cec4b41ec736eca396984c74664f84
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e4782ac407f7b8744abf6bb7fe9e60bdd2dffa64 commit e4782ac407f7b8744abf6bb7fe9e60bdd2dffa64 Author: Thomas Deutschmann <whissi@gentoo.org> AuthorDate: 2019-10-27 00:41:03 +0000 Commit: Thomas Deutschmann <whissi@gentoo.org> CommitDate: 2019-10-27 00:41:03 +0000 sys-apps/file: fix CVE-2019-18218 Bug: https://bugs.gentoo.org/698610 Package-Manager: Portage-2.3.78, Repoman-2.3.17 Signed-off-by: Thomas Deutschmann <whissi@gentoo.org> .../file/{file-5.37.ebuild => file-5.37-r1.ebuild} | 2 ++ sys-apps/file/files/file-5.37-CVE-2019-18218.patch | 36 ++++++++++++++++++++++ 2 files changed, 38 insertions(+)
x86 stable
amd64 stable
sparc stable
arm stable
hppa stable
arm64 stable
s390 stable
alpha stable
ppc64 stable
ppc stable
ia64 stable. Maintainer(s), please cleanup. Security, please add it to the existing request, or file a new one.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6a99aaca71e0abc25aab4ae9d3a956eeff3e3968 commit 6a99aaca71e0abc25aab4ae9d3a956eeff3e3968 Author: Thomas Deutschmann <whissi@gentoo.org> AuthorDate: 2020-03-15 04:53:44 +0000 Commit: Thomas Deutschmann <whissi@gentoo.org> CommitDate: 2020-03-15 04:53:44 +0000 sys-apps/file: security cleanup (bug #698610) Bug: https://bugs.gentoo.org/698610 Package-Manager: Portage-2.3.94, Repoman-2.3.21 Signed-off-by: Thomas Deutschmann <whissi@gentoo.org> sys-apps/file/Manifest | 1 - sys-apps/file/file-5.36.ebuild | 126 ----------------------------------------- 2 files changed, 127 deletions(-) https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0000f84ba4fc67e6869cffb4437d5b94fcf3d279 commit 0000f84ba4fc67e6869cffb4437d5b94fcf3d279 Author: Thomas Deutschmann <whissi@gentoo.org> AuthorDate: 2020-03-15 04:53:03 +0000 Commit: Thomas Deutschmann <whissi@gentoo.org> CommitDate: 2020-03-15 04:53:03 +0000 sys-apps/file: mark m68k & sh stable (bug #698610) Bug: https://bugs.gentoo.org/698610 Package-Manager: Portage-2.3.94, Repoman-2.3.21 Signed-off-by: Thomas Deutschmann <whissi@gentoo.org> sys-apps/file/file-5.37-r1.ebuild | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
New GLSA request filed.
This issue was resolved and addressed in GLSA 202003-24 at https://security.gentoo.org/glsa/202003-24 by GLSA coordinator Thomas Deutschmann (whissi).