diff --git a/SOURCES/file-5.11-CVE-2018-10360.patch b/SOURCES/file-5.11-CVE-2018-10360.patch
new file mode 100644
index 00000000..0b7aeba3
--- /dev/null
+++ b/SOURCES/file-5.11-CVE-2018-10360.patch
@@ -0,0 +1,28 @@
+From 8616080aecf07436e80a27f68c336382c1d1c22d Mon Sep 17 00:00:00 2001
+From: Christos Zoulas
+Date: Sat, 9 Jun 2018 16:00:06 +0000
+Subject: [PATCH] Avoid reading past the end of buffer (Rui Reis)
+
+Upstream-commit: a642587a9c9e2dd7feacdf513c3643ce26ad3c22
+Signed-off-by: Kamil Dudka
+---
+ src/readelf.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/src/readelf.c b/src/readelf.c
+index 3df0836..d96a538 100644
+--- a/src/readelf.c
++++ b/src/readelf.c
+@@ -966,7 +966,8 @@ core:
+
+ cname = (unsigned char *)
+ &nbuf[doff + prpsoffsets(i)];
+- for (cp = cname; *cp && isprint(*cp); cp++)
++ for (cp = cname; cp < nbuf + size && *cp
++ && isprint(*cp); cp++)
+ continue;
+ /*
+ * Linux apparently appends a space at the end
+--
+2.14.4
+
diff --git a/SPECS/file.spec b/SPECS/file.spec
index f24bf82c..a280f2bb 100644
--- a/SPECS/file.spec
+++ b/SPECS/file.spec
@@ -5,7 +5,7 @@
 Summary: A utility for determining file types
 Name: file
 Version: 5.11
-Release: 35%{?dist}
+Release: 36%{?dist}
 License: BSD
 Group: Applications/File
 Source0: ftp://ftp.astron.com/pub/file/file-%{version}.tar.gz
@@ -72,6 +72,9 @@ Patch60: file-5.11-gzip-strength.patch
 # fix #1562135 - do not classify groovy script as python code
 Patch61: file-5.11-python-comment.patch
 
+# fix out-of-bounds read via a crafted ELF file (CVE-2018-10360)
+Patch62: file-5.11-CVE-2018-10360.patch
+
 URL: http://www.darwinsys.com/file/
 Requires: file-libs = %{version}-%{release}
 BuildRequires: zlib-devel
@@ -179,6 +182,7 @@ file(1) command.
 %patch59 -p1
 %patch60 -p1
 %patch61 -p1
+%patch62 -p1
 
 # Patches can generate *.orig files, which can't stay in the magic dir,
 # otherwise there will be problems when compiling magic file!
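Review bot: The new bound `cp < nbuf + size` in the readelf.c hunk carried by file-5.11-CVE-2018-10360.patch depends on two things the hunk does not show: that `size` is the full length of `nbuf` in the 5.11 tree, and that `doff + prpsoffsets(i)` has already been checked against it. If the second does not hold, `cname` itself starts outside the buffer and the pointer comparison is formally undefined, even though the loop would normally not run. Both are worth confirming against the 5.11 sources, since the change appears to be a backport of upstream commit a642587a9c9e2dd7feacdf513c3643ce26ad3c22. A comment above the loop would record why the bound exists, for example `/* note data comes from an untrusted core file and need not be NUL-terminated */`. The enclosing function starts and ends outside the hunk, and the commit adds no regression test with a truncated core note.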
@@ -258,6 +262,9 @@ cd python
 %endif
 %changelog
+* Tue Aug 06 2019 Kamil Dudka - 5.11-36
+- fix out-of-bounds read via a crafted ELF file (CVE-2018-10360)
+
 * Wed Jun 06 2018 Kamil Dudka 5.11-35
 - fix #1562135 - do not classify groovy script as python code