Hi all,

I would like to send the debdiff file for the file package. Could anyone please review it and give me some comments?

This fix is for an error where a malformed ELF file causes access to uninitialized memory, as reported in CVE-2014-9653. readelf.c uses read() in several places, and checking only for -1 is not sufficient in case the file was partially read.

Thanks and best regards
Cong

--
Nguyen The Cong (Mr)
Software Engineer
Toshiba Software Development (Vietnam) Co.,Ltd
519 Kim Ma street, Ba Dinh District, Hanoi, Vietnam
tel: +84-4-2220 8801 (Ext. 208)
e-mail: cong.nguyen...@toshiba-tsdv.com
diff -u file-5.04/debian/changelog file-5.04/debian/changelog --- file-5.04/debian/changelog +++ file-5.04/debian/changelog @@ -1,3 +1,11 @@ +file (5.04-5+squeeze10) squeeze-lts; urgency=low + + * Non-maintainer upload by the Debian LTS team + * Fix malformed elf file causes access to uninitialized memory + as reported in CVE-2014-9653. + + -- Nguyen Cong <cong.nguyen...@toshiba-tsdv.com> Fri, 13 Feb 2015 11:42:50 +0700 + file (5.04-5+squeeze9) squeeze-lts; urgency=high * Fix several security issues, Closes: #773148 diff -u file-5.04/debian/patches/series file-5.04/debian/patches/series --- file-5.04/debian/patches/series +++ file-5.04/debian/patches/series @@ -111,0 +112 @@ +CVE-2014-9653.patch only in patch2: unchanged: --- file-5.04.orig/debian/patches/CVE-2014-9653.patch +++ file-5.04/debian/patches/CVE-2014-9653.patch 
@@ -0,0 +1,42 @@ +Description: Bail out on partial reads + readelf.c uses read() in several places and checks only for -1 in most + of them. Hence it's happy with partial reads and valgrind show various + errors concerning uninitialised values in such cases. +Origin: upstream + https://github.com/file/file/commit/445c8fb0ebff85195be94cd9f7e1df89cade5c7f +Bug: + http://mx.gw.com/pipermail/file/2014/001649.html + http://bugs.gw.com/view.php?id=409 +Applied-Upstream: commit 445c8fb0ebff85195be94cd9f7e1df89cade5c7f +Last-Update: 2015-02-13 +--- +This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ +--- a/src/readelf.c ++++ b/src/readelf.c +@@ -330,7 +330,7 @@ dophn_core(struct magic_set *ms, int cla + file_badseek(ms); + return -1; + } +- if (read(fd, xph_addr, xph_sizeof) == -1) { ++ if (read(fd, xph_addr, xph_sizeof) < (ssize_t)xph_sizeof) { + file_badread(ms); + return -1; + } +@@ -877,7 +877,7 @@ doshn(struct magic_set *ms, int clazz, i + } + + for ( ; num; num--) { +- if (read(fd, xsh_addr, xsh_sizeof) == -1) { ++ if (read(fd, xsh_addr, xsh_sizeof) < (ssize_t)xsh_sizeof) { + file_badread(ms); + return -1; + } +@@ -1084,7 +1084,7 @@ dophn_exec(struct magic_set *ms, int cla + } + + for ( ; num; num--) { +- if (read(fd, xph_addr, xph_sizeof) == -1) { ++ if (read(fd, xph_addr, xph_sizeof) < (ssize_t)xph_sizeof) { + file_badread(ms); + return -1; + }
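Review bot: in the debian/changelog hunk the new entry is uploaded with urgency=low although it fixes a CVE, while the squeeze9 entry directly below it used urgency=high for security issues; consider raising the urgency to match. The bullet "Fix malformed elf file causes access to uninitialized memory" would also read more clearly as "Fix access to uninitialized memory on malformed ELF files (CVE-2014-9653)", and naming debian/patches/CVE-2014-9653.patch in the entry would make the upload easier to audit later.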
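Review bot: in the DEP-3 header of debian/patches/CVE-2014-9653.patch the Origin field puts "upstream" on one line and the commit URL on a continuation line, and the Bug field is empty on its own line with two URLs folded underneath. DEP-3 expects the origin type and URL on one line separated by a comma ("Origin: upstream, https://github.com/file/file/commit/445c8fb0..."), and one Bug field per URL, so tools that parse the header can pick them up. The header also ends with two "---" separators around the DEP-3 pointer line; one terminator before the diff is enough.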
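Review bot: the patch description says readelf.c calls read() "in several places", but only three call sites are changed here (dophn_core, doshn, dophn_exec); please confirm against upstream commit 445c8fb0 and the 5.04 source that no other read() in readelf.c still tests only "== -1", since any remaining site leaves the same uninitialized-buffer condition. Separately, the new test "read(fd, xph_addr, xph_sizeof) < (ssize_t)xph_sizeof" treats every short read as file_badread(), which is the safe direction for truncated files, but the same comparison is now written out three times. A small helper that returns success only when the full size was read would keep the three sites consistent and make a fourth one hard to get wrong.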