On Mon, Oct 15, 2007 at 11:57:57AM +1000, Matthew Hannigan wrote:
> [latest "file" from centos]
> As expected, it does have security fixes backported, namely
> CVE-2007-2799 file integer overflow
> CVE-2007-1536 heap overflow

also: checking with cve.mitre.org shows only these two
this year.

details:

CVE-2007-2799
Summary: Integer overflow in the "file" program 4.20,
when running on 32-bit systems, might allow user-assisted
attackers to execute arbitrary code via a large file
that triggers an overflow that bypasses an assert()
statement. NOTE: this issue is due to an incorrect patch
for CVE-2007-1536.
Published: 5/23/2007
CVSS Severity: 5.1 (Medium)

CVE-2007-1536 VU#606700
Summary: Integer underflow in the file_printf function
in the "file" program before 4.20 allows user-assisted
attackers to execute arbitrary code via a file that
triggers a heap-based buffer overflow.
Published: 3/20/2007
CVSS Severity: 9.3 (High)

--
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html