List: oss-security
Subject: Re: [oss-security] Bugs in "file" program VU#621745
From: Kurt Seifried <kseifried () redhat ! com>
Date: 2012-02-29 22:10:47
Message-ID: 4F4EA267.3080204 () redhat ! com
On 02/29/2012 10:52 AM, Florian Weimer wrote:
> * Kurt Seifried:
>
>>> We recently pointed the CERT BFF at the ubiquitous "file" command
>>> and found a few bugs. While we've not proven the bugs to be
>>> exploitable, we've also not ruled out the possibility that they
>>> could be.
>>>
>>> Fixes were committed on Feb 16, 2012:
>>> https://github.com/glensc/file/commits/master
>
>> If any of these are security issues please let me know and I will
>> assign CVE #'s.
>
> file also provides a library, libmagic. This could lead to crashes of
> server processes which use libmagic. Debian will likely release a fix
> as a security update.

Fair enough, but I'd like some details before issuing CVEs, like what
are the actual security issues that have been fixed?

--
Kurt Seifried Red Hat Security Response Team (SRT)