Package: release.debian.org
Severity: normal
Tags: jessie
User: release.debian....@packages.debian.org
Usertags: pu

Hello release team,

yet another security issue was found in file/libmagic:

"The do_core_note function in readelf.c in libmagic.a in file 5.33 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted ELF file" (CVE-2018-10360)

https://security-tracker.debian.org/tracker/CVE-2018-10360
https://bugs.debian.org/901351

After a brief discussion with the security team we agreed this should be addressed in the upcoming point release, so here we go.

Following the new policy, I've already uploaded file_5.22+15-2+deb8u4 to oldstable.

Kind regards,
Christoph Biedl

-- System Information:
Debian Release: 8.10
APT prefers oldstable-updates
APT policy: (500, 'oldstable-updates'), (500, 'oldstable-proposed-updates'), (500, 'oldstable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.14.48 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)

diff -Nru file-5.22+15/debian/changelog file-5.22+15/debian/changelog --- file-5.22+15/debian/changelog 2016-12-04 10:00:07.000000000 +0100 +++ file-5.22+15/debian/changelog 2018-06-11 23:24:19.000000000 +0200 @@ -1,3 +1,10 @@ +file (1:5.22+15-2+deb8u4) oldstable; urgency=high + + * Avoid reading past the end of buffer. Closes: #901351 + [CVE-2018-10360] + + -- Christoph Biedl <debian.a...@manchmal.in-ulm.de> Mon, 11 Jun 2018 23:24:19 +0200 + file (1:5.22+15-2+deb8u3) stable; urgency=medium * Fix memory leak in magic loader. Closes: #840754 diff -Nru file-5.22+15/debian/patches/cherry-pick.FILE5_33-31-ga642587a.avoid-reading-past-the-end-of-buffer.patch file-5.22+15/debian/patches/cherry-pick.FILE5_33-31-ga642587a.avoid-reading-past-the-end-of-buffer.patch --- file-5.22+15/debian/patches/cherry-pick.FILE5_33-31-ga642587a.avoid-reading-past-the-end-of-buffer.patch 1970-01-01 01:00:00.000000000 +0100 +++ file-5.22+15/debian/patches/cherry-pick.FILE5_33-31-ga642587a.avoid-reading-past-the-end-of-buffer.patch 2018-06-11 23:24:19.000000000 +0200 @@ -0,0 +1,19 @@ +Subject: Avoid reading past the end of buffer (Rui Reis) +ID: CVE-2018-10360 +Origin: FILE5_33-31-ga642587a +Upstream-Author: Christos Zoulas <chris...@zoulas.com> +Date: Sat Jun 9 16:00:06 2018 +0000 +Bug-Debian: https://bugs.debian.org/901351 + +--- a/src/readelf.c ++++ b/src/readelf.c +@@ -789,7 +789,8 @@ + + cname = (unsigned char *) + &nbuf[doff + prpsoffsets(i)]; +- for (cp = cname; *cp && isprint(*cp); cp++) ++ for (cp = cname; cp < nbuf + size && *cp ++ && isprint(*cp); cp++) + continue; + /* + * Linux apparently appends a space at the end diff -Nru file-5.22+15/debian/patches/series file-5.22+15/debian/patches/series --- file-5.22+15/debian/patches/series 2016-12-04 09:50:30.000000000 +0100 +++ file-5.22+15/debian/patches/series 2018-06-11 23:23:32.000000000 +0200 
@@ -15,3 +15,4 @@ CVE-2015-8865.6713ca4.patch cherry-pick.FILE5_24-31-g3aa35aa.dont-leak-memory-when-loading-non-compiled-files.patch cherry-pick.FILE5_28-42-g10ee4ec.pr-569-shi-yin-fix-memory-leak.patch +cherry-pick.FILE5_33-31-ga642587a.avoid-reading-past-the-end-of-buffer.patch
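Review bot: In the debian/changelog hunk, the new entry "Avoid reading past the end of buffer" does not say which code is affected. Naming src/readelf.c, the file the added patch touches, would let someone reading only the changelog match the entry to CVE-2018-10360 without opening the patch.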
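Review bot: In the src/readelf.c hunk, the added `cp < nbuf + size` test means the loop can now stop at the end of the buffer without having seen a NUL, so the code after the loop (the hunk shows only the start of the "Linux apparently appends a space at the end" comment) must work from the length cp - cname and must not treat cname as a terminated string. Please confirm that it does in the 5.22 tree, and that it copes with cp == cname, which is the result when doff + prpsoffsets(i) already lies at or past size. Because the fix is cherry-picked from FILE5_33 onto 5.22, it is also worth checking that `size` in this older version of the function really is the length of nbuf.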