
[debian-lts] file package



Hi all,

I would like to send the debdiff file for the file package.
Could anyone please review it and give me some comments?

This fix is for the error where a malformed ELF file causes access to
uninitialized memory, as reported in CVE-2014-9653.
readelf.c uses read() in several places, and only checking for -1 is
not sufficient in case the file was partially read.

Thanks and best regards
Cong

--
=====================================================================
Nguyen The Cong (Mr)
Software Engineer
Toshiba Software Development (Vietnam) Co.,Ltd
519 Kim Ma street, Ba Dinh District, Hanoi, Vietnam
tel:    +84-4-2220 8801 (Ext. 208)
e-mail: cong.nguyenthe@toshiba-tsdv.com
=====================================================================


diff -u file-5.04/debian/changelog file-5.04/debian/changelog
--- file-5.04/debian/changelog
+++ file-5.04/debian/changelog
@@ -1,3 +1,11 @@
+file (5.04-5+squeeze10) squeeze-lts; urgency=low
+
+  * Non-maintainer upload by the Debian LTS team
+  * Fix malformed elf file causes access to uninitialized memory 
+    as reported in CVE-2014-9653.
+
+ -- Nguyen Cong <cong.nguyenthe@toshiba-tsdv.com>  Fri, 13 Feb 2015 11:42:50 +0700
+
 file (5.04-5+squeeze9) squeeze-lts; urgency=high
 
   * Fix several security issues, Closes: #773148
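Review bot: The new 5.04-5+squeeze10 entry sets urgency=low although it fixes a CVE, while the squeeze9 security upload directly below used urgency=high; consider urgency=medium or high so the upload is not treated as routine. The bullet "Fix malformed elf file causes access to uninitialized memory" would read more clearly as "Fix access to uninitialized memory on malformed ELF files (CVE-2014-9653)", and the line ending in "memory " carries trailing whitespace.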
diff -u file-5.04/debian/patches/series file-5.04/debian/patches/series
--- file-5.04/debian/patches/series
+++ file-5.04/debian/patches/series
@@ -111,0 +112 @@
+CVE-2014-9653.patch
only in patch2:
unchanged:
--- file-5.04.orig/debian/patches/CVE-2014-9653.patch
+++ file-5.04/debian/patches/CVE-2014-9653.patch
@@ -0,0 +1,42 @@
+Description: Bail out on partial reads
+ readelf.c uses read() in several places and checks only for -1 in most 
+ of them. Hence it's happy with partial reads and valgrind show various 
+ errors concerning uninitialised values in such cases.
+Origin: upstream
+ https://github.com/file/file/commit/445c8fb0ebff85195be94cd9f7e1df89cade5c7f
+Bug: 
+ http://mx.gw.com/pipermail/file/2014/001649.html
+ http://bugs.gw.com/view.php?id=409
+Applied-Upstream: commit 445c8fb0ebff85195be94cd9f7e1df89cade5c7f
+Last-Update: 2015-02-13
+---
+This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
+--- a/src/readelf.c
++++ b/src/readelf.c
+@@ -330,7 +330,7 @@ dophn_core(struct magic_set *ms, int cla
+ 			file_badseek(ms);
+ 			return -1;
+ 		}
+-		if (read(fd, xph_addr, xph_sizeof) == -1) {
++		if (read(fd, xph_addr, xph_sizeof) < (ssize_t)xph_sizeof) {
+ 			file_badread(ms);
+ 			return -1;
+ 		}
+@@ -877,7 +877,7 @@ doshn(struct magic_set *ms, int clazz, i
+ 	}
+ 
+ 	for ( ; num; num--) {
+-		if (read(fd, xsh_addr, xsh_sizeof) == -1) {
++		if (read(fd, xsh_addr, xsh_sizeof) < (ssize_t)xsh_sizeof) {
+ 			file_badread(ms);
+ 			return -1;
+ 		}
+@@ -1084,7 +1084,7 @@ dophn_exec(struct magic_set *ms, int cla
+ 	}
+ 
+   	for ( ; num; num--) {
+-  		if (read(fd, xph_addr, xph_sizeof) == -1) {
++  		if (read(fd, xph_addr, xph_sizeof) < (ssize_t)xph_sizeof) {
+   			file_badread(ms);
+ 			return -1;
+ 		}
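Review bot: In the readelf.c part, only three read() call sites (dophn_core, doshn, dophn_exec) get the "< (ssize_t)..._sizeof" comparison, while the description says read() is used "in several places" and checked for -1 "in most of them"; please confirm against upstream commit 445c8fb0ebff85195be94cd9f7e1df89cade5c7f that every read() in 5.04's readelf.c whose buffer is parsed afterwards is covered, and state in the patch header if any upstream hunk was dropped because the code does not exist in 5.04. The (ssize_t) cast should stay: if xph_sizeof and xsh_sizeof are size_t expressions, an uncast comparison would convert the -1 return to unsigned and let it pass. In the DEP-3 header, Origin is normally written on one line as "upstream, <url>", the Bug field is empty with both URLs on continuation lines, and several header lines end in trailing whitespace.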

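The failure mode the message describes, as an added C example that is not part of the original mail or of file's source: a read() result checked only against -1 accepts a truncated record and leaves the tail of the buffer unwritten, while the patched comparison rejects it. struct rec, the helper names and the pipe-fed input are constructed for illustration, and the 0xAA fill stands in for uninitialised memory.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Constructed stand-in for a fixed-size ELF header record (not file's struct). */
struct rec { uint32_t type, offset, size, flags; };

/* Constructed input: a pipe holding only the first n bytes of a record. */
static int make_input(size_t n) {
    unsigned char data[sizeof(struct rec)];
    int p[2];
    if (n > sizeof data || pipe(p) == -1) return -1;
    memset(data, 0x11, sizeof data);
    if (write(p[1], data, n) != (ssize_t)n) { close(p[0]); close(p[1]); return -1; }
    close(p[1]);               /* reader sees EOF after n bytes */
    return p[0];
}

/* Pre-patch style check: only -1 is an error, so a short read passes. */
static int read_rec_weak(int fd, struct rec *r) {
    return read(fd, r, sizeof *r) == -1 ? -1 : 0;
}

/* Patched style check: anything shorter than a full record is an error. */
static int read_rec_strict(int fd, struct rec *r) {
    return read(fd, r, sizeof *r) < (ssize_t)sizeof(*r) ? -1 : 0;
}

/* Runs one check on an n-byte input. The buffer is pre-filled with 0xAA to
 * stand in for uninitialised memory; *flags returns the record's last field. */
int check_input(size_t n, int strict, uint32_t *flags) {
    struct rec r;
    int fd = make_input(n), rc;
    if (fd == -1) return -2;
    memset(&r, 0xAA, sizeof r);
    rc = strict ? read_rec_strict(fd, &r) : read_rec_weak(fd, &r);
    *flags = r.flags;
    close(fd);
    return rc;
}

int main(void) {
    uint32_t f;
    int rc = check_input(8, 0, &f);   /* truncated record, weak check */
    printf("weak:   rc=%d flags=0x%08x\n", rc, (unsigned)f);
    rc = check_input(8, 1, &f);       /* truncated record, strict check */
    printf("strict: rc=%d\n", rc);
    return 0;
}
```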