
Update file to 5.32 to address CVE-2017-1000249
Closed, Public

Authored by kyrios123 on Sep 2 2017, 5:16 PM.

Details

Summary

file contains a stack-based buffer overflow when parsing a
specially crafted input file.

The issue lets an attacker overwrite a fixed 20-byte stack buffer
with a specially crafted .notes section in an ELF binary file.

  • Always reset state in {file,buffer}_apprentice
  • pickier parsing of numeric values in magic files.
  • PR/615 add magic_getflags()

Signed-off-by: Pierre-Yves <pyu@riseup.net>

Test Plan
$ file file-5.32-11-1-x86_64.eopkg 
file-5.32-11-1-x86_64.eopkg: Zip archive data, at least v2.0 to extract
$ file package.yml 
package.yml: ASCII text
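
The bug class named in the summary, as an added illustration (not code from file or from this revision): a note parser that copies a descriptor into a fixed 20-byte buffer has to bound the file-supplied length by the buffer size and by the bytes actually present. The function names, the little-endian layout and the sample notes are assumptions constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define DESC_MAX 20                      /* fixed buffer size named in the summary */
#define ALIGN4(n) (((n) + 3u) & ~(size_t)3u)

/* Read one little-endian 32-bit word of the note header. */
static uint32_t rd32(const uint8_t *p) {
    return p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Copy the descriptor of the note at buf[0..len) into out[DESC_MAX].
 * Returns the descriptor length, or -1 if the note is malformed or too big. */
int copy_note_desc(const uint8_t *buf, size_t len, uint8_t out[DESC_MAX]) {
    if (len < 12) return -1;             /* namesz, descsz and type words */
    size_t namesz = rd32(buf), descsz = rd32(buf + 4), rest = len - 12;
    if (namesz > rest || ALIGN4(namesz) > rest) return -1;
    rest -= ALIGN4(namesz);
    if (descsz > DESC_MAX) return -1;    /* length comes from the file: bound it by the buffer */
    if (descsz > rest) return -1;        /* and by the bytes actually present */
    memcpy(out, buf + 12 + ALIGN4(namesz), descsz);
    return (int)descsz;
}

/* Constructed sample (hypothetical helper): a "GNU" note that declares
 * `declared` descriptor bytes, of which `present` (<= 40) are in the buffer. */
int check_constructed(uint32_t declared, size_t present) {
    uint8_t note[16 + 40] = {4, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 'G', 'N', 'U', 0};
    uint8_t out[DESC_MAX];
    if (present > 40) return -1;
    for (int i = 0; i < 4; i++) note[4 + i] = (uint8_t)(declared >> (8 * i));
    memset(note + 16, 0xAB, present);
    return copy_note_desc(note, 16 + present, out);
}

int main(void) {
    printf("20 declared, 20 present -> %d\n", check_constructed(20, 20));
    printf("24 declared, 24 present -> %d\n", check_constructed(24, 24));
    printf("16 declared,  8 present -> %d\n", check_constructed(16, 8));
    return 0;
}
```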

Diff Detail

Repository
R750 file
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

DataDrake added a subscriber: DataDrake.

LGTM. Thanks!

This revision is now accepted and ready to land. (Sep 2 2017, 5:20 PM)
sunnyflunk retitled this revision from "Update file to 5.32" to "Update file to 5.32 to address CVE-2017-1000249". (Sep 6 2017, 2:45 AM)
sunnyflunk edited the summary of this revision.
sunnyflunk edited the test plan for this revision.
sunnyflunk added a subscriber: sunnyflunk.

Publishing (and redone the git log) as now a security update

This revision was automatically updated to reflect the committed changes.

Publishing (and redone the git log) as now a security update

Is it normal that it wasn't published on the master branch?

@kyrios123 No, @sunnyflunk must've forgotten to arc land the patch and was working off the arc patch branch.

I went ahead and merged it into the master branch.