[3.6] file: stack based buffer overflow (CVE-2017-1000249)
File versions 5.29, 5.30 and 5.31 contain a stack based
buffer overflow when parsing a specially crafted input file.
The issue lets an attacker overwrite a fixed 20 bytes stack buffer
with a specially crafted .notes section in an ELF binary file.
Fixed In Version:
file 5.32
References:
http://openwall.com/lists/oss-security/2017/09/05/3
Introduced by: https://github.com/file/file/commit/9611f31313a93aa036389c5f3b15eea53510d4d1
Patch:
https://github.com/file/file/commit/35c94dc6acc418f1ad7f6241a6680e5327495793
(from redmine: issue id 7809, created on 2017-09-11, closed on 2017-09-14)
- Changesets:
- Revision 97e3091a by Francesco Colista on 2017-09-11T07:18:47Z:
main/file: security upgrade to 5.32. Fixes #7809