Summary: | <sys-apps/file-5.18: out-of-bounds memory access when parsing Portable Executable (PE) format files (CVE-2014-2270) | | |
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | | |
Severity: | major | CC: | base-system, sudormrfhalt |
Priority: | Normal | | |
Version: | unspecified | | |
Hardware: | All | | |
OS: | Linux | | |
URL: | https://bugzilla.redhat.com/show_bug.cgi?id=1072220 | | |
Whiteboard: | A2 [glsa] | | |
Package list: | | Runtime testing required: | --- |
Description
Agostino Sarubbo
2014-03-06 08:18:21 UTC
This is fixed in version 5.18 as per their release information
Released 2014-03-26
http://bugs.gw.com/changelog_page.php

5.18-r1 and 5.19 both exist in tree. @maintainers: is =sys-apps/file-5.19 ready for stabilization?

CVE-2014-2270 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2270): softmagic.c in file before 5.17 and libmagic allows context-dependent attackers to cause a denial of service (out-of-bounds memory access and crash) via crafted offsets in the softmagic of a PE executable.

Created attachment 381674: file-5.11-CVE-2014-2270.patch

@base-system, ping. Is it ready to go stable?

sys-apps/file-5.22 already stable in tree, adding to existing GLSA draft along with bug 532768

This issue was resolved and addressed in GLSA 201503-08 at https://security.gentoo.org/glsa/201503-08 by GLSA coordinator Mikle Kolyada (Zlogene).