Package: release.debian.org
Severity: normal
Tags: jessie
User: release.debian.org@packages.debian.org
Usertags: pu

Hello release team,

the stable security team suggested to fix CVE-2015-8865¹ in the file package via a point release.

Description: "Buffer over-write in finfo_open with malformed magic file". If a magic file is under an attacker's control, this can be abused to crash file.

The debdiff is attached.

Regards,
Christoph

¹ https://security-tracker.debian.org/tracker/CVE-2015-8865

-- System Information:
Debian Release: 8.1
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.4.9 (SMP w/4 CPU cores; PREEMPT)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)

diff -Nru file-5.22+15/debian/changelog file-5.22+15/debian/changelog --- file-5.22+15/debian/changelog 2015-09-13 18:27:47.000000000 +0200 +++ file-5.22+15/debian/changelog 2016-05-09 08:23:30.000000000 +0200 @@ -1,3 +1,10 @@ +file (1:5.22+15-2+deb8u2) stable; urgency=high + + * Fix CVE-2015-8865: + Buffer over-write in finfo_open with malformed magic file. + + -- Christoph Biedl <debian.axhn@manchmal.in-ulm.de> Mon, 09 May 2016 08:18:53 +0200 + file (1:5.22+15-2+deb8u1) stable; urgency=medium * Fix handling of file's --parameter option. Closes: #798410 diff -Nru file-5.22+15/debian/patches/CVE-2015-8865.6713ca4.patch file-5.22+15/debian/patches/CVE-2015-8865.6713ca4.patch --- file-5.22+15/debian/patches/CVE-2015-8865.6713ca4.patch 1970-01-01 01:00:00.000000000 +0100 +++ file-5.22+15/debian/patches/CVE-2015-8865.6713ca4.patch 2016-05-09 08:17:17.000000000 +0200 @@ -0,0 +1,24 @@ +Subject: Buffer over-write in finfo_open with malformed magic file +ID: CVE-2015-8865 +Upstream-Author: Christos Zoulas <christos@zoulas.com> +Author: Christos Zoulas <christos@zoulas.com> +Date: Wed Jun 3 18:01:20 2015 +0000 +Origin: FILE5_22-75-g6713ca4 +Origin: https://bugs.php.net/bug.php?id=71527 (Original bug report) +Origin: http://bugs.gw.com/view.php?id=522 (bug report for file) + + [ Original description: ] + PR/454: Fix memory corruption when the continuation level jumps by more than + 20 in a single step. + +--- a/src/funcs.c ++++ b/src/funcs.c +@@ -401,7 +401,7 @@ + size_t len; + + if (level >= ms->c.len) { +- len = (ms->c.len += 20) * sizeof(*ms->c.li); ++ len = (ms->c.len = 20 + level) * sizeof(*ms->c.li); + ms->c.li = CAST(struct level_info *, (ms->c.li == NULL) ? + malloc(len) : + realloc(ms->c.li, len)); diff -Nru file-5.22+15/debian/patches/series file-5.22+15/debian/patches/series --- file-5.22+15/debian/patches/series 2015-09-13 18:26:26.000000000 +0200 +++ file-5.22+15/debian/patches/series 2016-05-09 08:10:53.000000000 +0200 
@@ -12,3 +12,4 @@ 0013-jpeg.c5d7f4d.patch cherry-pick.FILE5_24-22-g27b4e34.parameter-1.patch cherry-pick.FILE5_24-23-g4ddb783.parameter-2.patch +CVE-2015-8865.6713ca4.patch
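
Review bot: in the src/funcs.c hunk carried by CVE-2015-8865.6713ca4.patch, the new line `len = (ms->c.len = 20 + level) * sizeof(*ms->c.li);` still commits the larger `ms->c.len` before the allocation result is known, and the `realloc` return value is stored directly into `ms->c.li`. The visible context ends at the allocation, so please confirm that the failure path does not leave `c.len` describing a buffer that was never grown. Computing the new count in a local variable and assigning `ms->c.len` and `ms->c.li` only after the allocation succeeds would make that explicit. Sizing to `20 + level` does put index `level` inside the new array, which matches the PR/454 description of a jump of more than 20 levels in one step. In the patch header, the two bug-report URLs would be easier to find under a bug field than as additional `Origin:` lines.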