oss-sec mailing list archives
Re: Bugs in "file" program VU#621745
From: Kurt Seifried <kseifried () redhat com>
Date: Wed, 29 Feb 2012 15:10:47 -0700
On 02/29/2012 10:52 AM, Florian Weimer wrote:
> * Kurt Seifried:
>
>>> We recently pointed the CERT BFF at the ubiquitous "file" command and found a few bugs. While we've not proven the bugs to be exploitable, we've also not ruled out the possibility that they could be. Fixes were committed on Feb 16, 2012: https://github.com/glensc/file/commits/master
>>
>> If any of these are security issues please let me know and I will assign CVE #'s.
>
> file also provides a library, libmagic. This could lead to crashes of server processes which use libmagic. Debian will likely release a fix as a security update.

Fair enough but I'd like some details before issuing CVE's, like what are the actual security issues that have been fixed?

-- 
Kurt Seifried
Red Hat Security Response Team (SRT)