Re: HFS+ specific vulnerability
Hi Brian,
On Fri, Jun 03, 2016 at 06:13:43PM +1000, Brian May wrote:
> Brian May <bam@debian.org> writes:
>
> > I think there would need to be some code to disable the UDF code if it
> > isn't a UDF file system. Even if just for compression not
> > decompression. Still looking for this however.
>
> Just realized I have been talking a lot of nonsense. UDF support isn't
> about compressing files from UDF file systems, it is about compressing
> UDF images. So yes, it is a format issue like Ben said, and it should
> get fixed.
>
> I suspect that the HFS+ issue is not a problem, as I can't see the
> vulnerable code, however I will double check this again tomorrow.
Maybe it is worth additionally checking with the reporter of the
issues at TALOS, since
http://www.talosintel.com/reports/TALOS-2016-0093/ claims that 9.20 is
affected as well.
HTH, Regards,
Salvatore