Package: release.debian.org
Severity: normal
Tags: stretch
User: release.debian....@packages.debian.org
Usertags: pu

Hello release team,

[ same as for jessie in #-1, so just for completeness ]

yet another security issue was found in file/libmagic:

"The do_core_note function in readelf.c in libmagic.a in file 5.33 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted ELF file" (CVE-2018-10360)

https://security-tracker.debian.org/tracker/CVE-2018-10360
https://bugs.debian.org/901351

After a brief discussion with the security team we agreed this should be addressed in the upcoming point release, so here we go.

Following the new policy, I've already uploaded file_5.30-1+deb9u2 to stable.

Kind regards,
Christoph Biedl

-- System Information:
Debian Release: 9.4
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'proposed-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 4.14.48 (SMP w/4 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: unable to detect
diff -Nru file-5.30/debian/changelog file-5.30/debian/changelog --- file-5.30/debian/changelog 2017-09-01 21:23:02.000000000 +0200 +++ file-5.30/debian/changelog 2018-06-11 23:16:09.000000000 +0200 @@ -1,3 +1,10 @@ +file (1:5.30-1+deb9u2) stable; urgency=high + + * Avoid reading past the end of buffer. Closes: #901351 + [CVE-2018-10360] + + -- Christoph Biedl <debian.a...@manchmal.in-ulm.de> Mon, 11 Jun 2018 23:16:09 +0200 + file (1:5.30-1+deb9u1) stretch-security; urgency=high * Non-maintainer upload by the Security Team. diff -Nru file-5.30/debian/patches/cherry-pick.FILE5_33-31-ga642587a.avoid-reading-past-the-end-of-buffer.patch file-5.30/debian/patches/cherry-pick.FILE5_33-31-ga642587a.avoid-reading-past-the-end-of-buffer.patch --- file-5.30/debian/patches/cherry-pick.FILE5_33-31-ga642587a.avoid-reading-past-the-end-of-buffer.patch 1970-01-01 01:00:00.000000000 +0100 +++ file-5.30/debian/patches/cherry-pick.FILE5_33-31-ga642587a.avoid-reading-past-the-end-of-buffer.patch 2018-06-11 23:16:09.000000000 +0200 @@ -0,0 +1,19 @@ +Subject: Avoid reading past the end of buffer (Rui Reis) +ID: CVE-2018-10360 +Origin: FILE5_33-31-ga642587a +Upstream-Author: Christos Zoulas <chris...@zoulas.com> +Date: Sat Jun 9 16:00:06 2018 +0000 +Bug-Debian: https://bugs.debian.org/901351 + +--- a/src/readelf.c ++++ b/src/readelf.c +@@ -824,7 +824,8 @@ + + cname = (unsigned char *) + &nbuf[doff + prpsoffsets(i)]; +- for (cp = cname; *cp && isprint(*cp); cp++) ++ for (cp = cname; cp < nbuf + size && *cp ++ && isprint(*cp); cp++) + continue; + /* + * Linux apparently appends a space at the end diff -Nru file-5.30/debian/patches/series file-5.30/debian/patches/series --- file-5.30/debian/patches/series 2017-09-01 21:23:02.000000000 +0200 +++ file-5.30/debian/patches/series 2018-06-11 23:15:30.000000000 +0200 
@@ -25,6 +25,7 @@ cherry-pick.FILE5_30-49-gbf90083a.fix-memory-handling.patch cherry-pick.FILE5_30-52-gd8233d09.check-one-more-read-found-by-oss-fuzz.patch cherry-pick.FILE5_31-36-g35c94dc6.Fix-always-true-condition-Thomas-Jarosch.patch +cherry-pick.FILE5_33-31-ga642587a.avoid-reading-past-the-end-of-buffer.patch # local modifications local.support-local-definitions-in-etc-magic.patch
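Review bot: The debian/changelog entry says only "Avoid reading past the end of buffer" and does not name the affected code. Naming do_core_note in readelf.c, as the CVE description quoted in the request does, would let readers of the point-release notes see which parser is affected without opening the patch.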
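Review bot: In the src/readelf.c hunk carried by the new cherry-pick patch, the added "cp < nbuf + size" test guards the dereference inside the loop, but cname is still formed as &nbuf[doff + prpsoffsets(i)] with no visible check that the offset is below size. If that sum can exceed size, the pointer is already out of range before the comparison (forming such a pointer is undefined behaviour in C, even though the loop then exits without reading). Consider testing doff + prpsoffsets(i) < size before taking the address and skipping that candidate offset otherwise. It is also worth confirming that the code after the loop, under the "Linux apparently appends a space at the end" comment, copes with cp == cname, which the new bound makes possible when the name starts at the very end of the buffer.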