Gentoo alert 202409-06 (file)
From: glsamaker@gentoo.org
To: gentoo-announce@lists.gentoo.org
Subject: [gentoo-announce] [ GLSA 202409-06 ] file: Stack Buffer Overread
Date: Sun, 22 Sep 2024 06:05:03 -0000
Message-ID: <172698510366.7.5454721798147405781@3f85d36892cf>

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                          GLSA 202409-06
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                          https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal
    Title: file: Stack Buffer Overread
     Date: September 22, 2024
     Bugs: #918554
       ID: 202409-06

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

A vulnerability has been discovered in file, which could lead to a
denial of service.

Background
==========

The file utility attempts to identify a file’s format by scanning
binary data for patterns.

Affected packages
=================

Package        Vulnerable    Unaffected
-------------  ------------  ------------
sys-apps/file  < 5.42        >= 5.42

Description
===========

Multiple vulnerabilities have been discovered in file. Please review
the CVE identifiers referenced below for details.

Impact
======

File has a stack-based buffer over-read in file_copystr in funcs.c.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All file users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=sys-apps/file-5.42"

References
==========

[ 1 ] CVE-2022-48554
      https://nvd.nist.gov/vuln/detail/CVE-2022-48554

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202409-06

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2024 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5
