oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Bugs in "file" program VU#621745

From: Kurt Seifried <kseifried () redhat com>
Date: Mon, 20 Feb 2012 14:49:28 -0700
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 02/20/2012 10:53 AM, CERT(R) Coordination Center wrote:

Hi folks,

We recently pointed the CERT BFF at the ubiquitous "file" command
and found a few bugs.  While we've not proven the bugs to be
exploitable, we've also not ruled out the possibility that they
could be.

Fixes were committed on Feb 16, 2012: 
https://github.com/glensc/file/commits/master


Thank you, Will Dormann

============================= Vulnerability Analyst CERT
Coordination Center 4500 Fifth Ave. Pittsburgh, PA 15213 
1-412-268-7090 =============================



If any of these are security issues please let me know and I will
assign CVE #'s.

- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBAgAGBQJPQr/oAAoJEBYNRVNeJnmTlZcP/2jltmmsUM84A5nH+JjWREDn
m7Ywd2Jbo/fxr9c09jjakHscVqJLA1VjBtKOB7zcWYyR6St7P4vAIsQMo1yWGel9
fz9W5mfSKxErHM4nlFhaHOND8B1KQ73Dtk5ojDPkGuRfDxkT86rEraOPyccMTVue
xNz4P9+X8tgz0M5Zlrflm2CkyN3K9ls0ZZffFQsjAdOaEMuTkkq+POSGHvgN378r
oStze+kvg+aS2klP0D7ik7A3DJYzaFiRw425AgXaFkHPtR+AMt6/fopOSRv+x+wB
A4THNe7G0LEA1dxBNmCFaG+FW9e8SZjlRkoDfmpT4vVFcumB1pEK4R6a4E5nOH4w
xKmaKIc2x7nBTMKjZfiFWr7reb4+Ml9WvR5RGOf4zsTR8HRqYZxzfQAkSCzi0rPZ
kvNTRAvvHYFeKQy+XZZD+AZoIrj8y62foH2YKrEBnwp7y+7J4kKZHdkIGZjn8g9L
mhb0YXTZuH4OcT+dNE1SryvWCeNmc9cY+GKQ/Fl+rmIqeO5fqDLunzbqGmGYvA7J
Xyhx8bXmjBfkPm2yYKokAGdpR8qsWWLwnAphnM+TLRSK/ro7E+PBW1rl9Ioz3//v
Qljs+CcIjx4iff14JBazuACQ0kORy8uG9tQBq48uwSQDB2apHOHPJ2EAT47tJkXG
KL5sxD25MfFrCMH0dj40
=GhYv
-----END PGP SIGNATURE-----
Previous By Date Next
Previous By Thread Next

Current thread: