diff --git a/file-5.33-CVE-2018-10360.patch b/file-5.33-CVE-2018-10360.patch
new file mode 100644
index 0000000..0b4e96b
--- /dev/null
+++ b/file-5.33-CVE-2018-10360.patch
@@ -0,0 +1,28 @@
+From 8616080aecf07436e80a27f68c336382c1d1c22d Mon Sep 17 00:00:00 2001
+From: Christos Zoulas
+Date: Sat, 9 Jun 2018 16:00:06 +0000
+Subject: [PATCH] Avoid reading past the end of buffer (Rui Reis)
+
+Upstream-commit: a642587a9c9e2dd7feacdf513c3643ce26ad3c22
+Signed-off-by: Kamil Dudka
+---
+ src/readelf.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/src/readelf.c b/src/readelf.c
+index 3df0836..d96a538 100644
+--- a/src/readelf.c
++++ b/src/readelf.c
+@@ -825,7 +825,8 @@ do_core_note(struct magic_set *ms, unsigned char *nbuf, uint32_t type,
+
+ cname = (unsigned char *)
+ &nbuf[doff + prpsoffsets(i)];
+- for (cp = cname; *cp && isprint(*cp); cp++)
++ for (cp = cname; cp < nbuf + size && *cp
++ && isprint(*cp); cp++)
+ continue;
+ /*
+ * Linux apparently appends a space at the end
+--
+2.14.4
+
diff --git a/file.spec b/file.spec
index 51ec3e8..d71a5fc 100644
--- a/file.spec
+++ b/file.spec
@@ -15,7 +15,7 @@ Summary: A utility for determining file types
 Name: file
 Version: 5.33
-Release: 6%{?dist}
+Release: 7%{?dist}
 License: BSD
 Source0: ftp://ftp.astron.com/pub/file/file-%{version}.tar.gz
@@ -33,6 +33,9 @@ Patch4: file-5.33-seccomp.patch
 # do not classify shared libraries as pie executables (#1581343)
 Patch5: file-5.33-pie-executable-revert.patch
+# fix out-of-bounds read via a crafted ELF file (CVE-2018-10360)
+Patch6: file-5.33-CVE-2018-10360.patch
+
 URL: http://www.darwinsys.com/file/
 Requires: file-libs = %{version}-%{release}
 BuildRequires: zlib-devel
@@ -209,6 +212,9 @@ cd %{py3dir}
 %endif
 %changelog
+* Wed Jun 13 2018 Kamil Dudka - 5.33-7
+- fix out-of-bounds read via a crafted ELF file (CVE-2018-10360)
+
 * Mon May 28 2018 Kamil Dudka - 5.33-6
 - make file-devel depend on file-libs, instead of file
 - reintroduce file-static subpackage (#1575661)
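Review bot: In the `do_core_note` hunk carried by file-5.33-CVE-2018-10360.patch, the new `cp < nbuf + size` guard bounds the scan, but the start pointer `cname = &nbuf[doff + prpsoffsets(i)]` is formed two lines earlier with no visible check that the offset is below `size`. If that offset can exceed the buffer, the loop now exits without reading, yet the pointer is already out of range and code after the hunk presumably still uses `cname` and `cp`. The function body starts and ends outside the hunk, so an earlier bounds check may already exist and should be confirmed before relying on this backport alone. A short comment next to the loop would record the assumption, e.g. `/* note data need not be NUL-terminated; never scan past nbuf + size */`. The guard also assumes `size` is the length of `nbuf`, which the hunk does not show.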