oss-sec mailing list archives

Re: Bugs in "file" program VU#621745


From: Florian Weimer <fw () deneb enyo de>
Date: Wed, 29 Feb 2012 18:52:30 +0100

* Kurt Seifried:

We recently pointed the CERT BFF at the ubiquitous "file" command
and found a few bugs.  While we've not proven the bugs to be
exploitable, we've also not ruled out the possibility that they
could be.

Fixes were committed on Feb 16, 2012: 
https://github.com/glensc/file/commits/master

If any of these are security issues please let me know and I will
assign CVE #'s.

file also provides a library, libmagic.  This could lead to crashes of
server processes which use libmagic.  Debian will likely release a fix
as a security update.

