** EMBARGOED CONFIDENTIAL 2017-09-05 **
first affected version is file 5.29, released on 2016-10-25.
It is fixed in 5.32
Tentative CVE description
[VERSION]: file() after commit 9611f31313a93aa036389c5f3b15eea53510d4d1
(Oct 2016) Can you provide an acuall release #?
[DESCRIPTION]: An issue in file() was introduced in commit
9611f31313a93aa036389c5f3b15eea53510d4d1 (Oct 2016) lets an attacker
overwrite a fixed 20 bytes stack buffer with a specially crafted .notes
section in an ELF binary. There are systems like amavisd-new that
automatically run file(1) on every email attachment, so let's hope
people compile with -fstack-protector in place and it holds. This was
fixed in commit 35c94dc6acc418f1ad7f6241a6680e5327495793 (Aug 2017).
Public in http://www.openwall.com/lists/oss-security/2017/09/05/3
*** Bug 630732 has been marked as a duplicate of this bug. ***
Maintainer(s), please advise if you are ready for stabilization or call for stabilization yourself.
@maintainer: ping for stabilization decision
please test and mark stable: =sys-apps/file-5.32
Stable on alpha.
arm stable, tested by Yury German
all arches done.
Thank you all,
@Maintainers please proceed to remove vulnerable versions.
Gentoo Security Padawan
Old vulnerable ebuilds dropped.
This issue was resolved and addressed in
GLSA 201710-02 at https://security.gentoo.org/glsa/201710-02
by GLSA coordinator Aaron Bauman (b-man).