
Bug#823794: jessie-pu: package file/1:5.22+15-2+deb8u2



Package: release.debian.org
Severity: normal
Tags: jessie
User: release.debian.org@packages.debian.org
Usertags: pu

Hello release team,

the stable security team suggested to fix CVE-2015-8865¹ in the
file package via a point release.

Description: "Buffer over-write in finfo_open with malformed magic
file". If a magic file is under attacker's control, this can be abused
to crash file.

The debdiff is attached.

Regards,

    Christoph

¹https://security-tracker.debian.org/tracker/CVE-2015-8865

-- System Information:
Debian Release: 8.1
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.4.9 (SMP w/4 CPU cores; PREEMPT)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)

diff -Nru file-5.22+15/debian/changelog file-5.22+15/debian/changelog
--- file-5.22+15/debian/changelog	2015-09-13 18:27:47.000000000 +0200
+++ file-5.22+15/debian/changelog	2016-05-09 08:23:30.000000000 +0200
@@ -1,3 +1,10 @@
+file (1:5.22+15-2+deb8u2) stable; urgency=high
+
+  * Fix CVE-2015-8865:
+    Buffer over-write in finfo_open with malformed magic file.
+
+ -- Christoph Biedl <debian.axhn@manchmal.in-ulm.de>  Mon, 09 May 2016 08:18:53 +0200
+
 file (1:5.22+15-2+deb8u1) stable; urgency=medium
 
   * Fix handling of file's --parameter option. Closes: #798410
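
Review bot: The new changelog entry carries no bug reference, whereas the previous entry has `Closes: #798410`, and it does not name the patch file it adds. Consider mentioning debian/patches/CVE-2015-8865.6713ca4.patch and, if a bug against the file package tracks this CVE, a `Closes:` for it, so the upload can be traced from the changelog alone.
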
diff -Nru file-5.22+15/debian/patches/CVE-2015-8865.6713ca4.patch file-5.22+15/debian/patches/CVE-2015-8865.6713ca4.patch
--- file-5.22+15/debian/patches/CVE-2015-8865.6713ca4.patch	1970-01-01 01:00:00.000000000 +0100
+++ file-5.22+15/debian/patches/CVE-2015-8865.6713ca4.patch	2016-05-09 08:17:17.000000000 +0200
@@ -0,0 +1,24 @@
+Subject: Buffer over-write in finfo_open with malformed magic file
+ID: CVE-2015-8865
+Upstream-Author: Christos Zoulas <christos@zoulas.com>
+Author: Christos Zoulas <christos@zoulas.com>
+Date: Wed Jun 3 18:01:20 2015 +0000
+Origin: FILE5_22-75-g6713ca4
+Origin: https://bugs.php.net/bug.php?id=71527 (Original bug report)
+Origin: http://bugs.gw.com/view.php?id=522 (bug report for file)
+
+    [ Original description: ]
+    PR/454: Fix memory corruption when the continuation level jumps by more than
+    20 in a single step.
+
+--- a/src/funcs.c
++++ b/src/funcs.c
+@@ -401,7 +401,7 @@
+ 	size_t len;
+ 
+ 	if (level >= ms->c.len) {
+-		len = (ms->c.len += 20) * sizeof(*ms->c.li);
++		len = (ms->c.len = 20 + level) * sizeof(*ms->c.li);
+ 		ms->c.li = CAST(struct level_info *, (ms->c.li == NULL) ?
+ 		    malloc(len) :
+ 		    realloc(ms->c.li, len));
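
Review bot: In the src/funcs.c change, `ms->c.len` is set to `20 + level` before the allocation is known to have succeeded, and the `realloc` result is assigned straight back to `ms->c.li`, so on failure the old array pointer is lost while `c.len` already claims the larger size. The visible context ends before any NULL check, so confirm that the failure path does not leave `c.len` describing an array that is not there. The product `(20 + level) * sizeof(*ms->c.li)` is also unchecked, which matters if a magic file can drive `level` arbitrarily high; an upper bound on `level` before this block would cover both. In the patch header, the two bug-report URLs sit under `Origin:` next to the commit reference, and the original description cites PR/454 while the links point to id=71527 and id=522; one line relating these would help later readers.
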
diff -Nru file-5.22+15/debian/patches/series file-5.22+15/debian/patches/series
--- file-5.22+15/debian/patches/series	2015-09-13 18:26:26.000000000 +0200
+++ file-5.22+15/debian/patches/series	2016-05-09 08:10:53.000000000 +0200
@@ -12,3 +12,4 @@
 0013-jpeg.c5d7f4d.patch
 cherry-pick.FILE5_24-22-g27b4e34.parameter-1.patch
 cherry-pick.FILE5_24-23-g4ddb783.parameter-2.patch
+CVE-2015-8865.6713ca4.patch
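
Review bot: The new series entry `CVE-2015-8865.6713ca4.patch` does not follow the naming of the two cherry-picks above it, which use `cherry-pick.<upstream describe>.<topic>.patch` with the full `FILE5_24-22-g27b4e34` style reference. The patch header gives the matching reference as FILE5_22-75-g6713ca4, so a name built from that would keep the series consistent, with the CVE id as the topic part.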
