630732 – sys-apps/file: Fix always true condition via commit

Bug 630732 - sys-apps/file: Fix always true condition via commit

Summary: sys-apps/file: Fix always true condition via commit

Status:	RESOLVED DUPLICATE of bug 629872

Alias:	None

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal minor (vote)
Assignee:	Gentoo Security

URL:
Whiteboard:
Keywords:	PATCH

Depends on:
Blocks:

Reported:	2017-09-11 20:54 UTC by D'juan McDonald (domhnall)
Modified:	2017-09-11 21:05 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description D'juan McDonald (domhnall) 2017-09-11 20:54:46 UTC

An issue in file() was introduced in commit 9611f31313a93aa036389c5f3b15eea53510d4d1 (Oct 2016) lets an attacker overwrite a fixed 20 bytes stack buffer with a specially crafted .notes section in an ELF binary. 

This was fixed in commit 35c94dc6acc418f1ad7f6241a6680e5327495793 (Aug 2017).


Upstream Patch:
(https://github.com/file/file/commit/35c94dc6acc418f1ad7f6241a6680e5327495793)

CVE Details:(https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-1000249)

-----------------------------------------------------------------------------

@maintainer(s), after bump, please call stabilization if needed. Thank you

Daj Uan (jmbailey/mbailey_j)
Gentoo Security Padawan

Comment 1 D'juan McDonald (domhnall) 2017-09-11 20:56:00 UTC


*** This bug has been marked as a duplicate of bug 629872 ***