Home page logo
/

oss-sec logo oss-sec mailing list archives

Re: Bugs in "file" program VU#621745
From: Kurt Seifried <kseifried () redhat com>
Date: Wed, 29 Feb 2012 15:10:47 -0700

On 02/29/2012 10:52 AM, Florian Weimer wrote:
* Kurt Seifried:

We recently pointed the CERT BFF at the ubiquitous "file" command
and found a few bugs.  While we've not proven the bugs to be
exploitable, we've also not ruled out the possibility that they
could be.

Fixes were committed on Feb 16, 2012: 
https://github.com/glensc/file/commits/master

If any of these are security issues please let me know and I will
assign CVE #'s.

file also provides a library, libmagic.  This could lead to crashes of
server processes which use libmagic.  Debian will likely release a fix
as a security update.

Fair enough but I'd like some details before issuing CVE's, like what
are the actual security issues that have been fixed?

-- 
Kurt Seifried Red Hat Security Response Team (SRT)


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]