Summary: | <sys-apps/file-5.37-r1: heap-based buffer overflow in cdf_read_property_info in cdf.c (CVE-2019-18218) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | GLSAMaker/CVETool Bot <glsamaker> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | major | CC: | base-system |
Priority: | Normal | Flags: | stable-bot:
sanity-check+
|
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16780 | ||
Whiteboard: | A2 [glsa+ cve] | ||
Package list: |
sys-apps/file-5.37-r1
|
Runtime testing required: | --- |
Description
GLSAMaker/CVETool Bot
2019-10-27 00:26:57 UTC
cdf_read_property_info in cdf.c in file through 5.37 does not restrict the number of CDF_VECTOR elements, which allows a heap-based buffer overflow (4-byte out-of-bounds write). Upstream patch: https://github.com/file/file/commit/46a8443f76cec4b41ec736eca396984c74664f84 The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e4782ac407f7b8744abf6bb7fe9e60bdd2dffa64 commit e4782ac407f7b8744abf6bb7fe9e60bdd2dffa64 Author: Thomas Deutschmann <whissi@gentoo.org> AuthorDate: 2019-10-27 00:41:03 +0000 Commit: Thomas Deutschmann <whissi@gentoo.org> CommitDate: 2019-10-27 00:41:03 +0000 sys-apps/file: fix CVE-2019-18218 Bug: https://bugs.gentoo.org/698610 Package-Manager: Portage-2.3.78, Repoman-2.3.17 Signed-off-by: Thomas Deutschmann <whissi@gentoo.org> .../file/{file-5.37.ebuild => file-5.37-r1.ebuild} | 2 ++ sys-apps/file/files/file-5.37-CVE-2019-18218.patch | 36 ++++++++++++++++++++++ 2 files changed, 38 insertions(+) x86 stable amd64 stable sparc stable arm stable hppa stable arm64 stable s390 stable alpha stable ppc64 stable ppc stable ia64 stable. Maintainer(s), please cleanup. Security, please add it to the existing request, or file a new one. The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6a99aaca71e0abc25aab4ae9d3a956eeff3e3968 commit 6a99aaca71e0abc25aab4ae9d3a956eeff3e3968 Author: Thomas Deutschmann <whissi@gentoo.org> AuthorDate: 2020-03-15 04:53:44 +0000 Commit: Thomas Deutschmann <whissi@gentoo.org> CommitDate: 2020-03-15 04:53:44 +0000 sys-apps/file: security cleanup (bug #698610) Bug: https://bugs.gentoo.org/698610 Package-Manager: Portage-2.3.94, Repoman-2.3.21 Signed-off-by: Thomas Deutschmann <whissi@gentoo.org> sys-apps/file/Manifest | 1 - sys-apps/file/file-5.36.ebuild | 126 ----------------------------------------- 2 files changed, 127 deletions(-) https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0000f84ba4fc67e6869cffb4437d5b94fcf3d279 commit 0000f84ba4fc67e6869cffb4437d5b94fcf3d279 Author: Thomas Deutschmann <whissi@gentoo.org> AuthorDate: 2020-03-15 04:53:03 +0000 Commit: Thomas Deutschmann <whissi@gentoo.org> CommitDate: 2020-03-15 04:53:03 +0000 sys-apps/file: mark m68k & sh stable (bug #698610) Bug: https://bugs.gentoo.org/698610 Package-Manager: Portage-2.3.94, Repoman-2.3.21 Signed-off-by: Thomas Deutschmann <whissi@gentoo.org> sys-apps/file/file-5.37-r1.ebuild | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) New GLSA request filed. This issue was resolved and addressed in GLSA 202003-24 at https://security.gentoo.org/glsa/202003-24 by GLSA coordinator Thomas Deutschmann (whissi). |