• [gentoo-announce] [ GLSA 202409-06 ] file: Stack Buffer Overread

    From glsamaker@gentoo.org@21:1/5 to All on Sun Sep 22 08:10:01 2024
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    Gentoo Linux Security Advisory GLSA 202409-06
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    https://security.gentoo.org/
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

    Severity: Normal
    Title: file: Stack Buffer Overread
    Date: September 22, 2024
    Bugs: #918554
    ID: 202409-06

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

    Synopsis
    ========

    A vulnerability has been discovered in file, which could lead to a
    denial of service.

    Background
    ==========

    The file utility attempts to identify a file’s format by scanning binary
    data for patterns.

    Affected packages
    =================

    Package        Vulnerable    Unaffected
    -------------  ------------  ------------
    sys-apps/file  < 5.42        >= 5.42

    Description
    ===========

    Multiple vulnerabilities have been discovered in file. Please review the
    CVE identifiers referenced below for details.

    Impact
    ======

    File has a stack-based buffer over-read in file_copystr in funcs.c.

    Workaround
    ==========

    There is no known workaround at this time.

    Resolution
    ==========

    All file users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=sys-apps/file-5.42"
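
    A quick check of a host or container image against the boundary in the
    table above, as an added example that is not part of the advisory. It
    assumes the binary reports its version as "file-X.Y" on the first line
    of `file --version`; the function names and sample strings are constructed.

```shell
#!/bin/sh
# Added example (not part of the advisory): classify a file(1) version
# string against the GLSA 202409-06 boundary.
FIXED_VERSION="5.42"   # first unaffected sys-apps/file version per the GLSA

# Pull "X.Y" out of the first line of `file --version` (e.g. "file-5.41").
parse_file_version() {
    printf '%s\n' "$1" | sed -n '1s/^file-\([0-9][0-9.]*\).*$/\1/p'
}

# Succeed when $1 < $2, comparing dot-separated components numerically.
# A plain string compare would wrongly rank 5.5 above 5.42.
version_lt() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        if [ "$a" = "$x" ]; then a=; else a=${a#*.}; fi
        if [ "$b" = "$y" ]; then b=; else b=${b#*.}; fi
        x=${x:-0}; y=${y:-0}
        if [ "$x" -lt "$y" ]; then return 0; fi
        if [ "$x" -gt "$y" ]; then return 1; fi
    done
    return 1   # equal versions are not "less than"
}

# Print vulnerable / unaffected / unknown for raw `file --version` output.
glsa_status() {
    v=$(parse_file_version "$1")
    if [ -z "$v" ]; then
        echo unknown
    elif version_lt "$v" "$FIXED_VERSION"; then
        echo vulnerable
    else
        echo unaffected
    fi
}

# Constructed sample strings, then the local binary if one is installed.
for sample in "file-5.41" "file-5.42" "file-5.5"; do
    printf '%s -> %s\n' "$sample" "$(glsa_status "$sample")"
done
if command -v file >/dev/null 2>&1; then
    printf 'local -> %s\n' "$(glsa_status "$(file --version 2>/dev/null)")"
fi
```

    The string checked here is the upstream version only; the advisory's
    table is keyed on the installed sys-apps/file package version.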

    References
    ==========

    [ 1 ] CVE-2022-48554
    https://nvd.nist.gov/vuln/detail/CVE-2022-48554

    Availability
    ============

    This GLSA and any updates to it are available for viewing at
    the Gentoo Security Website:

    https://security.gentoo.org/glsa/202409-06

    Concerns?
    =========

    Security is a primary focus of Gentoo Linux and ensuring the
    confidentiality and security of our users' machines is of utmost
    importance to us. Any security concerns should be addressed to
    security@gentoo.org or alternatively, you may file a bug at
    https://bugs.gentoo.org.

    License
    =======

    Copyright 2024 Gentoo Foundation, Inc; referenced text
    belongs to its owner(s).

    The contents of this document are licensed under the
    Creative Commons - Attribution / Share Alike license.

    https://creativecommons.org/licenses/by-sa/2.5