[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: HFS+ specific vulnerability

Hi Brian,

On Fri, Jun 03, 2016 at 06:13:43PM +1000, Brian May wrote:
> Brian May <bam@debian.org> writes:
> 
> > I think there would need to be some code to disable the UDF code if it
> > isn't a UDF file system. Even if just for compression not
> > decompression. Still looking for this however.
> 
> Just realized I have been talking a lot of nonsense. UDF support isn't
> about compressing files from UDF file systems, it is about compressing
> UDF images. So yes, it is a format issue like Ben said, and it should
> get fixed.
> 
> I suspect that the HFS+ issue is not a problem, as I can't see the
> vulnerable code, however I will double check this again tomorrow.

Maybe it is worth additionally checking with the reporter of the
issues at TALOS, since
http://www.talosintel.com/reports/TALOS-2016-0093/ claims that as well
9.20 is affected.

HTH, Regards,
Salvatore
Reply to: