FS#42759 - [file] CVE-2014-3710: out-of-bounds read
Attached to Project:
Arch Linux
Opened by Levente Polyak (anthraxx) - Wednesday, 12 November 2014, 10:56 GMT
Last edited by Sébastien Luttringer (seblu) - Wednesday, 12 November 2014, 19:59 GMT
Details
Summary:
It has been reported [0] that file 5.20-1 is vulnerable to an out-of-bounds read, tracked as CVE-2014-3710 [1].

Description:
An out-of-bounds read flaw was found in file's donote() function in the way the file utility determined the note headers of an ELF file. This could possibly lead to a file executable crash.

Mitigation:
The problem has been fixed upstream [2] but no release is available yet. We recommend backporting the patch until a release is available.

[0] https://bugzilla.redhat.com/show_bug.cgi?id=1155071
[1] https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3710
[2] https://github.com/file/file/commit/39c7ac1106be844a5296d3eb5971946cc09ffda0
Closed by Sébastien Luttringer (seblu)
Wednesday, 12 November 2014, 19:59 GMT
Reason for closing: Fixed
Additional comments about closing: file-5.20-2
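The bug class named in the summary, as an added example (not code from file and not the upstream patch): a walk over ELF note headers that checks each header, and the name and descriptor sizes it declares, against the bytes remaining before anything is read. The name count_notes, the 4-byte padding rule and the sample byte arrays are assumptions constructed for this illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define NOTE_HDR_SIZE 12u                 /* namesz, descsz, type: 3 x 32 bit */
#define ALIGN4(x) (((uint64_t)(x) + 3u) & ~(uint64_t)3u)

/* Constructed samples (little-endian): one valid note, one lying descsz. */
static const unsigned char GOOD_NOTE[] = {
    4,0,0,0, 4,0,0,0, 1,0,0,0, 'G','N','U',0, 0,0,0,0 };
static const unsigned char BAD_DESCSZ[] = {
    4,0,0,0, 0,16,0,0, 1,0,0,0, 'G','N','U',0, 0,0,0,0 };

/* Decode a little-endian 32-bit word; caller guarantees 4 readable bytes. */
static uint32_t le32(const unsigned char *p)
{
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Count complete notes in buf[0..size); -1 if any note overruns the buffer. */
int count_notes(const unsigned char *buf, size_t size)
{
    size_t off = 0;
    int n = 0;

    while (off < size) {
        if (size - off < NOTE_HDR_SIZE)   /* header must fit before it is read */
            return -1;
        /* 64-bit lengths so padding an attacker-chosen size cannot wrap. */
        uint64_t name_len = ALIGN4(le32(buf + off));
        uint64_t desc_len = ALIGN4(le32(buf + off + 4));
        off += NOTE_HDR_SIZE;
        /* Compare against the bytes left, never against an offset sum. */
        if (name_len > size - off || desc_len > size - off - name_len)
            return -1;
        off += (size_t)(name_len + desc_len);
        n++;
    }
    return n;
}

int main(void)
{
    printf("good=%d truncated=%d bad_descsz=%d\n",
           count_notes(GOOD_NOTE, sizeof GOOD_NOTE),
           count_notes(GOOD_NOTE, 8),
           count_notes(BAD_DESCSZ, sizeof BAD_DESCSZ));
    return 0;
}
```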