Bug 902367 - (CVE-2014-3710) VUL-0: CVE-2014-3710: file: out-of-bounds read in elf note headers
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
: P2 - High : Major
Assigned To: Dr. Werner Fink
Security Team bot
https://smash.suse.de/issue/110110/
maint:released:sle11-sp1:59592 wasL3:...
: DSLA_REQUIRED, DSLA_SOLUTION_PROVIDED
Reported: 2014-10-23 08:47 UTC by Victor Pereira
Modified: 2018-10-19 18:29 UTC (History)
Found By: Security Response Team
Description Victor Pereira 2014-10-23 08:47:55 UTC
CVE-2014-3710

An out-of-bounds read flaw was found in file's donote() function in the way the file utility determined the note headers of an ELF file. This could possibly lead to a crash of the file executable.


References:
https://github.com/file/file/commit/39c7ac1106be844a5296d3eb5971946cc09ffda0 (upstream fix)
https://bugzilla.redhat.com/show_bug.cgi?id=1155071
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3710
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3710
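
The kind of validation this bug class calls for, as an added example that is neither part of this bug report nor the upstream patch: a bounds-checked walk over ELF note records. The names note_next and count_notes, the host-byte-order assumption and the strict handling of trailing padding are assumptions of this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* ELF note header: three 32-bit words, followed by the name and then the
 * descriptor, each padded to a 4-byte boundary. */
typedef struct { uint32_t namesz, descsz, type; } note_hdr;

#define NOTE_ALIGN(x) (((size_t)(x) + 3u) & ~(size_t)3u)

/* Check that the note at `off` lies entirely inside buf[0..size).
 * Returns the offset of the next note, or 0 if any part would be read
 * out of bounds. Each test has the form "length > remaining", so sizes
 * taken from the file cannot wrap the arithmetic.
 * Assumption: the file's byte order matches the host's. */
size_t note_next(const unsigned char *buf, size_t size, size_t off,
                 note_hdr *hdr, size_t *name_off, size_t *desc_off)
{
    if (off > size || size - off < sizeof(*hdr))
        return 0;                          /* header truncated */
    memcpy(hdr, buf + off, sizeof(*hdr));
    size_t noff = off + sizeof(*hdr);
    size_t nlen = NOTE_ALIGN(hdr->namesz);
    if (nlen < hdr->namesz || nlen > size - noff)
        return 0;                          /* name runs past the end */
    size_t doff = noff + nlen;
    size_t dlen = NOTE_ALIGN(hdr->descsz);
    if (dlen < hdr->descsz || dlen > size - doff)
        return 0;                          /* descriptor runs past the end */
    *name_off = noff;
    *desc_off = doff;
    return doff + dlen;
}

/* Walk a note segment; returns the number of well-formed notes and stops
 * at the first one that does not fit in the buffer. */
size_t count_notes(const unsigned char *buf, size_t size)
{
    note_hdr h;
    size_t off = 0, n = 0, name_off, desc_off, next;
    while (off < size &&
           (next = note_next(buf, size, off, &h, &name_off, &desc_off)) != 0) {
        off = next;
        n++;
    }
    return n;
}
```
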
Comment 1 Dr. Werner Fink 2014-10-23 12:15:35 UTC
Is this really a VUL-0 ... nevertheless I've available

file/Update> ll
total 16
drwxr-xr-x 3 werner suse  738 Oct 23 14:05 SLE-10-SP3
drwxr-xr-x 3 werner suse  738 Oct 23 14:03 SLE-10-SP4
drwxr-xr-x 3 werner suse 4096 Oct 23 14:01 SLE-11
drwxr-xr-x 3 werner suse  690 Oct 23 14:07 SLE-9
drwxr-xr-x 3 werner suse 4096 Oct 23 14:12 openSUSE_12.3
drwxr-xr-x 3 werner suse 4096 Oct 23 14:01 openSUSE_13.1
drwxr-xr-x 3 werner suse 4096 Oct 23 14:10 openSUSE_13.2
file/Update> foreach d (SLE-* openSUSE_1*)
foreach? pushd $d
foreach? osc st
foreach? popd
foreach? end
/usr/src/werner/file/Update/SLE-10-SP3 /usr/src/werner/file/Update 
M    file-4.03-tex.dif
A    file-4.24-CVE-2014-3710.patch
M    file.changes
M    file.spec
/usr/src/werner/file/Update 
/usr/src/werner/file/Update/SLE-10-SP4 /usr/src/werner/file/Update 
A    file-4.24-CVE-2014-3710.patch
M    file.changes
M    file.spec
/usr/src/werner/file/Update 
/usr/src/werner/file/Update/SLE-11 /usr/src/werner/file/Update 
M    file-4.03-tex.dif
A    file-4.24-CVE-2014-3710.patch
M    file.changes
M    file.spec
/usr/src/werner/file/Update 
/usr/src/werner/file/Update/SLE-9 /usr/src/werner/file/Update 
M    file-4.03-tex.dif
A    file-4.24-CVE-2014-3710.patch
M    file.changes
M    file.spec
/usr/src/werner/file/Update 
/usr/src/werner/file/Update/openSUSE_12.3 /usr/src/werner/file/Update 
A    file-5.20-CVE-2014-3710.patch
M    file.changes
M    file.spec
/usr/src/werner/file/Update 
/usr/src/werner/file/Update/openSUSE_13.1 /usr/src/werner/file/Update 
A    file-5.20-CVE-2014-3710.patch
M    file.changes
M    file.spec
/usr/src/werner/file/Update 
/usr/src/werner/file/Update/openSUSE_13.2 /usr/src/werner/file/Update 
A    file-5.20-CVE-2014-3710.patch
M    file.changes
M    file.spec
/usr/src/werner/file/Update
Comment 2 Swamp Workflow Management 2014-10-23 22:01:03 UTC
bugbot adjusting priority
Comment 3 Dr. Werner Fink 2014-10-30 14:43:32 UTC
Ping!?
Comment 4 Swamp Workflow Management 2014-11-07 11:04:42 UTC
An update workflow for this issue was started.
This issue was rated as moderate.
Please submit fixed packages until 2014-11-21.
When done, reassign the bug to security-team@suse.de.
https://swamp.suse.de/webswamp/wf/59591
Comment 5 Johannes Segitz 2014-11-07 11:08:42 UTC
Thank you for your submits, I started a SWAMP. This was fixed in file 5.20, so SLE 12 needs this fix also.
Comment 9 Bernhard Wiedemann 2014-11-18 11:00:16 UTC
This is an autogenerated message for OBS integration:
This bug (902367) was mentioned in
https://build.opensuse.org/request/show/262138 12.3 / file
https://build.opensuse.org/request/show/262139 13.1 / file
Comment 11 Dr. Werner Fink 2014-11-18 11:04:59 UTC
SLE-10-SP3
 46374  State:review     By:licensedigger When:2014-11-18T10:55:06

SLE-10-SP4
 46373  State:review     By:licensedigger When:2014-11-18T10:45:07

SLE-11
 46375  State:review     By:licensedigger When:2014-11-18T10:55:12

openSUSE_12.3
262138  State:new        By:maintbot     When:2014-11-18T10:59:11

openSUSE_13.1
262139  State:new        By:maintbot     When:2014-11-18T10:59:12

openSUSE_13.2
262142  State:review     By:WernerFink   When:2014-11-18T11:04:21
Comment 12 Dr. Werner Fink 2014-11-18 11:11:00 UTC
For SLES-12 I also get an error

Update/SLE-12> isc submitreq home:WernerFink:branches:SUSE:SLE-12:Update file.SUSE_SLE-12_Update SUSE:SLE-12:Update file
WARNING:
WARNING: Project does not accept submit request, request to open a NEW maintenance incident instead
WARNING:
Server returned an error: HTTP Error 400: Bad Request
Maintenance incident requests have to go to projects of type maintenance or maintenance_incident


but I *have* done

   isc branch -M SUSE:SLE-12:GA file

which indeed does create project and package in maintenance mode!
Comment 13 Johannes Segitz 2014-11-18 11:48:28 UTC
(In reply to Dr. Werner Fink from comment #12)
Your osc is probably too old. Please try it with the latest version.
Comment 14 Bernhard Wiedemann 2014-11-18 12:00:07 UTC
This is an autogenerated message for OBS integration:
This bug (902367) was mentioned in
https://build.opensuse.org/request/show/262142 13.2 / file
Comment 15 Dr. Werner Fink 2014-11-18 12:09:17 UTC
(In reply to Dr. Werner Fink from comment #12)

About which version do we talk? I've tried 0.138
Comment 16 Dr. Werner Fink 2014-11-18 12:15:08 UTC
OK with 0.149 it works ... SR#46383
Comment 18 Swamp Workflow Management 2014-11-21 18:05:49 UTC
SUSE-SU-2014:1473-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 902367
CVE References: CVE-2014-3710
Sources used:
SUSE Linux Enterprise Software Development Kit 11 SP3 (src):    file-4.24-43.27.1, python-magic-4.24-43.27.1
SUSE Linux Enterprise Server 11 SP3 for VMware (src):    file-4.24-43.27.1
SUSE Linux Enterprise Server 11 SP3 (src):    file-4.24-43.27.1
SUSE Linux Enterprise Desktop 11 SP3 (src):    file-4.24-43.27.1
Comment 19 Swamp Workflow Management 2014-11-27 10:05:42 UTC
openSUSE-SU-2014:1516-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 902367
CVE References: CVE-2014-3710
Sources used:
openSUSE 13.2 (src):    file-5.19-3.4.1, python-magic-5.19-3.4.1
openSUSE 13.1 (src):    file-5.15-4.24.1, python-magic-5.15-4.24.1
openSUSE 12.3 (src):    file-5.11-12.27.1, python-magic-5.11-12.27.1
Comment 20 Swamp Workflow Management 2014-12-04 14:05:08 UTC
SUSE-SU-2014:1555-1: An update that solves one vulnerability and has one errata is now available.

Category: security (moderate)
Bug References: 888308,902367
CVE References: CVE-2014-3710
Sources used:
SUSE Linux Enterprise Software Development Kit 12 (src):    file-5.19-5.2, python-magic-5.19-5.3
SUSE Linux Enterprise Server 12 (src):    file-5.19-5.2
SUSE Linux Enterprise Desktop 12 (src):    file-5.19-5.2
Comment 21 Bernhard Wiedemann 2014-12-17 14:00:07 UTC
This is an autogenerated message for OBS integration:
This bug (902367) was mentioned in
https://build.opensuse.org/request/show/265566 Factory / file
Comment 27 Leonardo Chiquitto 2015-01-16 18:58:23 UTC
Can be closed again.
Comment 28 Leonardo Chiquitto 2015-01-16 18:58:43 UTC
> Can be closed again.

For real.