Your message dated Thu, 27 Mar 2014 20:36:18 +0100
with message-id <20140327193618.GA17272@eldamar.local>
and subject line php5: CVE-2014-1943: crafted files might result in long 
computation times
has caused the Debian Bug report #739012,
regarding php5: CVE-2014-1943: crafted files might result in long computation 
times
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
739012: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=739012
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: file
Version: 5.11-2
Severity: grave
Tags: security

[ Re-sent to BTS by request of the security team, also updated ]

A bug in the handling of "indirect" magic rules of libmagic leads to
an infinite recursion when trying to determine the file type of
certain files. This has been assigned CVE-2014-1943. Additionally,
other well-crafted files might result in long computation times (five
seconds for a single file while using 100% CPU) and overlong results
(~400k lines), something some applications that operate on the file
result might not handle in a sane way.

The issue has been made public by Bernd Melchers who initially found
this bug: http://mx.gw.com/pipermail/file/2014/001327.html

Impact is two-layered. The bug itself was introduced years ago
(pre oldstable). From jessie on, the default magic file as shipped in
the package contains a file magic rule that is exploitable for a
segmentation fault.

In other words:

jessie: Always affected and in full scale.

squeeze/wheezy: Segmentation fault when using non-standard magic
files that use "indirect" in a certain way. Still vulnerable to the
"computation time" and "overlong" issues mentioned above.

Upstream released 5.17 last night, fixing the bug for all
reproducers I have in my collection. Backporting the patch is not
trivial but hopefully feasible. I'll give that a try later in the day.

    Christoph

--- End Message ---
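The report above names two failure modes that any consumer of file(1)/libmagic output has to survive even before a fixed package lands: unbounded CPU time on a crafted input, and results hundreds of thousands of lines long. The following is an added example, not code from the report, from Debian or from the file project, showing one way to contain both when an application shells out to file(1): a wall-clock timeout and an output cap, with the outcome reported explicitly instead of handing an oversized or missing result to the caller. The limits `DEFAULT_TIMEOUT_S` and `DEFAULT_MAX_OUTPUT_BYTES` and the `command` override are assumptions chosen for illustration. This contains the damage in the calling application; it does not fix libmagic, which still needs the 5.17 or patched package.

```python
import subprocess
import sys

# Limits chosen for this example (assumptions, not values from the report).
# The report measured ~5 s of CPU and ~400k lines for crafted inputs, so
# a sane MIME/type answer is tiny and fast by comparison.
DEFAULT_TIMEOUT_S = 2.0
DEFAULT_MAX_OUTPUT_BYTES = 4096


def identify_file(path, timeout_s=DEFAULT_TIMEOUT_S,
                  max_output=DEFAULT_MAX_OUTPUT_BYTES, command=None):
    """Run file(1) on `path` in a child process with a timeout and an output cap.

    Returns a dict with:
      ok        -- True if the tool exited 0 within the timeout
      result    -- decoded output, cut to `max_output` bytes
      truncated -- True if the raw output exceeded `max_output`
      error     -- None, or a short reason ("timeout", "exit 1", ...)

    `command` overrides the argv (hypothetical hook for tests or for a
    different identifier such as a libmagic helper); by default it runs
    `file -b -- <path>` so the filename can never be parsed as an option.
    """
    cmd = list(command) if command else ["file", "-b", "--", path]
    try:
        # A child process is the isolation boundary: a libmagic that
        # recurses forever or spins for seconds is killed here instead of
        # taking the calling application down with it.
        proc = subprocess.run(cmd, capture_output=True, timeout=timeout_s,
                              check=False)
    except subprocess.TimeoutExpired:
        return {"ok": False, "result": "", "truncated": False,
                "error": "timeout"}
    except FileNotFoundError:
        return {"ok": False, "result": "", "truncated": False,
                "error": "command not found: %s" % cmd[0]}

    raw = proc.stdout
    truncated = len(raw) > max_output
    # Cut bytes before decoding so a multi-byte sequence split at the cap
    # becomes a replacement character rather than an exception.
    result = raw[:max_output].decode("utf-8", "replace").rstrip("\n")
    error = None if proc.returncode == 0 else "exit %d" % proc.returncode
    return {"ok": proc.returncode == 0, "result": result,
            "truncated": truncated, "error": error}


if __name__ == "__main__":
    # Usage: python identify.py <path>
    for p in sys.argv[1:]:
        print(p, identify_file(p))
```

A caller that treats `truncated` or `error` as "unknown type" and refuses the upload, rather than acting on a partial string, is the behaviour the report says some applications were missing. For stricter containment, run the child under a CPU rlimit or in a sandbox in addition to the wall-clock timeout.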
--- Begin Message ---
Source: php5
Source-Version: 5.5.10+dfsg-1

This bug was fixed upstream in 5.5.10.

Regards,
Salvatore

--- End Message ---
