Summary: | <sys-apps/file-5.33-r2: out-of-bounds read via a crafted ELF file (CVE-2018-10360) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Florian Schuhmacher <mynt1aa> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | base-system |
Priority: | Normal | Flags: | bman: sanity-check+ |
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://github.com/file/file/commit/a642587a9c9e2dd7feacdf513c3643ce26ad3c22 | ||
See Also: | https://bugs.gentoo.org/show_bug.cgi?id=658766 | ||
Whiteboard: | A3 [glsa+ cve] | ||
Package list: | sys-apps/file-5.33-r2 | ||
Runtime testing required: | --- |
Description
Florian Schuhmacher
2018-06-12 03:15:19 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=331976f64a3ac2e70aa62d6631db0e148f19d0fe

commit 331976f64a3ac2e70aa62d6631db0e148f19d0fe
Author: Thomas Deutschmann <whissi@gentoo.org>
AuthorDate: 2018-06-12 08:17:44 +0000
Commit: Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2018-06-12 08:18:03 +0000

sys-apps/file: Avoid reading past the end of buffer (CVE-2018-10360)

Bug: https://bugs.gentoo.org/657930
Package-Manager: Portage-2.3.40, Repoman-2.3.9

sys-apps/file/file-5.33-r2.ebuild | 127 +++++++++++++++++++++
sys-apps/file/files/file-5.33-CVE-2018-10360.patch | 18 +++
2 files changed, 145 insertions(+)

@ Arches, please test and mark stable: =sys-apps/file-5.33-r2

x86 stable

amd64 stable

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=aa4bde38b42b69f1e976dd2a13d04939ee35dda6

commit aa4bde38b42b69f1e976dd2a13d04939ee35dda6
Author: Rolf Eike Beer <eike@sf-mail.de>
AuthorDate: 2018-06-12 18:50:01 +0000
Commit: Sergei Trofimovich <slyfox@gentoo.org>
CommitDate: 2018-06-12 20:47:55 +0000

sys-apps/file: stable 5.33-r2 for sparc

Bug: https://bugs.gentoo.org/657930
Package-Manager: Portage-2.3.24, Repoman-2.3.6
RepoMan-Options: --include-arches="sparc"

sys-apps/file/file-5.33-r2.ebuild | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=802ee540925704679d3677ba5366bb8998873cc2

commit 802ee540925704679d3677ba5366bb8998873cc2
Author: Sergei Trofimovich <slyfox@gentoo.org>
AuthorDate: 2018-06-15 09:34:41 +0000
Commit: Sergei Trofimovich <slyfox@gentoo.org>
CommitDate: 2018-06-15 09:34:41 +0000

sys-apps/file: stable 5.33-r2 for ia64, bug #657930

Bug: https://bugs.gentoo.org/657930
Package-Manager: Portage-2.3.40, Repoman-2.3.9
RepoMan-Options: --include-arches="ia64"

sys-apps/file/file-5.33-r2.ebuild | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

arm64 stable

The rest was handled myself

This should have been stabilized along with media-libs/sdl-pango-0.1.2-r1 (at least on amd64) (bug #655856). I filed bug #658766.

GLSA request filed.

This issue was resolved and addressed in GLSA 201806-08 at https://security.gentoo.org/glsa/201806-08 by GLSA coordinator Aaron Bauman (b-man).