[file/f21] fix #1155464 - fix for CVE-2014-3710
Jan Kaluža
jkaluza at fedoraproject.org
Thu Oct 23 07:20:07 UTC 2014
commit d88099c933f9ee9ebeade2a26aca207ad55359eb
Author: Jan Kaluza <jkaluza at redhat.com>
Date: Thu Oct 23 09:20:08 2014 +0200
fix #1155464 - fix for CVE-2014-3710
file-5.20-CVE-2014-3710.patch | 28 ++++++++++++++++++++++++++++
file.spec | 7 ++++++-
2 files changed, 34 insertions(+), 1 deletions(-)
---
diff --git a/file-5.20-CVE-2014-3710.patch b/file-5.20-CVE-2014-3710.patch
new file mode 100644
index 0000000..0fcf703
--- /dev/null
+++ b/file-5.20-CVE-2014-3710.patch
@@ -0,0 +1,28 @@
+From 39c7ac1106be844a5296d3eb5971946cc09ffda0 Mon Sep 17 00:00:00 2001
+From: Christos Zoulas <christos at zoulas.com>
+Date: Fri, 17 Oct 2014 15:49:00 +0000
+Subject: [PATCH] Fix note bounds reading, Francisco Alonso / Red Hat
+
+---
+ ChangeLog | 4 ++++
+ src/readelf.c | 9 ++++++++-
+ 2 files changed, 12 insertions(+), 1 deletion(-)
+
+diff --git a/src/readelf.c b/src/readelf.c
+index 08f81f5..9ebdebd 100644
+--- a/src/readelf.c
++++ b/src/readelf.c
+@@ -477,6 +477,13 @@ donote(struct magic_set *ms, void *vbuf, size_t offset, size_t size,
+ uint32_t namesz, descsz;
+ unsigned char *nbuf = CAST(unsigned char *, vbuf);
+
++ if (xnh_sizeof + offset > size) {
++ /*
++ * We're out of note headers.
++ */
++ return xnh_sizeof + offset;
++ }
++
+ (void)memcpy(xnh_addr, &nbuf[offset], xnh_sizeof);
+ offset += xnh_sizeof;
+
diff --git a/file.spec b/file.spec
index f9765da..dadcdbf 100644
--- a/file.spec
+++ b/file.spec
@@ -4,7 +4,7 @@
Summary: A utility for determining file types
Name: file
Version: 5.19
-Release: 6%{?dist}
+Release: 7%{?dist}
License: BSD
Group: Applications/File
Source0: ftp://ftp.astron.com/pub/file/file-%{version}.tar.gz
@@ -24,6 +24,7 @@ Patch11: file-5.19-locale-archive.patch
Patch12: file-5.19-msooxml.patch
Patch13: file-5.19-python-3.4.patch
Patch14: file-5.19-cafebabe.patch
+Patch15: file-5.20-CVE-2014-3710.patch
URL: http://www.darwinsys.com/file/
Requires: file-libs = %{version}-%{release}
BuildRequires: zlib-devel
@@ -98,6 +99,7 @@ file(1) command.
%patch12 -p1
%patch13 -p1
%patch14 -p1
+%patch15 -p1
# Patches can generate *.orig files, which can't stay in the magic dir,
# otherwise there will be problems with compiling magic file!
@@ -206,6 +208,9 @@ cd %{py3dir}
%endif
%changelog
+* Thu Oct 23 2014 Jan Kaluza <jkaluza at redhat.com> - 5.19-7
+- fix #1155464 - fix for CVE-2014-3710
+
* Wed Sep 03 2014 Jan Kaluza <jkaluza at redhat.com> - 5.19-6
- fix #1134580 - detect Mach-O universal binary
More information about the scm-commits
mailing list