Bug 12944 - file new security issue CVE-2014-2270
Summary: file new security issue CVE-2014-2270
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 4
Hardware: i586 Linux
Priority: Normal major
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL: http://lwn.net/Vulnerabilities/589936/
Whiteboard: MGA3TOO has_procedure advisory mga3-3...
Keywords: validated_update
Depends on:
Blocks:
 
Reported: 2014-03-05 19:12 CET by David Walser
Modified: 2014-03-07 17:04 CET
Source RPM: file-5.16-1.1.mga4.src.rpm

Description David Walser 2014-03-05 19:12:10 CET
A CVE has been allocated for a security issue fixed in file:
http://openwall.com/lists/oss-security/2014/03/05/7

More information on this issue is in Red Hat's bug:
https://bugzilla.redhat.com/show_bug.cgi?id=1072220

There was also a memory leak in file that was fixed.

These issues both affect PHP as well, so there are some details on Bug 12842:
https://bugs.mageia.org/show_bug.cgi?id=12842#c7

Advisory:
========================

Updated file packages fix security vulnerability:

A flaw was found in the way the file utility determined the type of Portable
Executable (PE) format files, the executable format used on Windows. A
malicious PE file could cause the file utility to crash or, potentially,
execute arbitrary code (CVE-2014-2270).

A memory leak in file has also been fixed.

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2270
https://bugzilla.redhat.com/show_bug.cgi?id=1072220
http://openwall.com/lists/oss-security/2014/03/05/7
https://github.com/file/file/commit/c0c0032b9e9eb57b91fefef905a3b018bab492d9
========================

Updated packages in core/updates_testing:
========================
file-5.12-8.2.mga3
libmagic1-5.12-8.2.mga3
libmagic-devel-5.12-8.2.mga3
libmagic-static-devel-5.12-8.2.mga3
python-magic-5.12-8.2.mga3
file-5.16-1.2.mga4
libmagic1-5.16-1.2.mga4
libmagic-devel-5.16-1.2.mga4
libmagic-static-devel-5.16-1.2.mga4
python-magic-5.16-1.2.mga4

from SRPMS:
file-5.12-8.2.mga3.src.rpm
file-5.16-1.2.mga4.src.rpm

David Walser 2014-03-05 19:12:20 CET

Whiteboard: (none) => MGA3TOO

Comment 1 claire robinson 2014-03-06 17:27:22 CET
Testing complete mga3 32 & mga4 64

PoC is difficult to create this time so just checking file still works as it should.

$ find . -maxdepth 1 -type f -exec file {} +
./RAW_NIKON_D100.NEF:                          TIFF image data, big-endian
./img_0003.cr2:                                Canon CR2 raw image data, version 2.0
./John-OConnor_Spring-Reflections_example.psd: Adobe Photoshop Image, 800 x 533, RGB, 3x 8-bit channels
./RAW_CANON_450D.CR2:                          Canon CR2 raw image data, version 2.0
./random.tif:                                  TIFF image data, little-endian
./examples.sh:                                 POSIX shell script, ASCII text executable
./img_0003.cr2.xmp:                            UTF-8 Unicode text, with very long lines
./random.j2k:                                  JPEG 2000 codestream
./tmp.raw:                                     data
./Mountain.psd:                                Adobe Photoshop Image, 504 x 336, RGB, 3x 8-bit channels
./perl-Config-IniFiles.tar.gz:                 gzip compressed data, from Unix, last modified: Mon Jun 18 12:09:14 2012
./_MG_8882.CR2:                                Canon CR2 raw image data, version 2.0
./importres.py:                                ASCII text
./slowloris.pl:                                Perl script, ASCII text executable, with very long lines


Testing python-magic with a file called Mountain.psd ..

$ python
Python 2.7.6 (default, Feb 16 2014, 16:03:48) 
[GCC 4.7.2] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> import magic
>>> ms = magic.open(magic.NONE)
>>> ms.load()
0
>>> tp = ms.file('Mountain.psd')
>>> print(tp)
Adobe Photoshop Image, 504 x 336, RGB, 3x 8-bit channels
>>> quit()

Whiteboard: MGA3TOO => MGA3TOO has_procedure mga3-32-ok mga4-64-ok

Comment 2 claire robinson 2014-03-06 17:36:15 CET
Advisory uploaded.

Whiteboard: MGA3TOO has_procedure mga3-32-ok mga4-64-ok => MGA3TOO has_procedure advisory mga3-32-ok mga4-64-ok

Comment 3 claire robinson 2014-03-07 12:45:41 CET
Testing complete mga3 64 and mga4 32

Validating

Could sysadmin please push to 3 & 4 updates

Thanks

Keywords: (none) => validated_update
Whiteboard: MGA3TOO has_procedure advisory mga3-32-ok mga4-64-ok => MGA3TOO has_procedure advisory mga3-32-ok mga3-64-ok mga4-32-ok mga4-64-ok
CC: (none) => sysadmin-bugs

Comment 4 Thomas Backlund 2014-03-07 15:22:05 CET
Update pushed:
http://advisories.mageia.org/MGASA-2014-0123.html

Status: NEW => RESOLVED
CC: (none) => tmb
Resolution: (none) => FIXED

David Walser 2014-03-07 17:04:35 CET

URL: (none) => http://lwn.net/Vulnerabilities/589936/

