Bug#738832: marked as done (Segmentation fault in libmagic (src:file) [CVE-2014-1943])

[Debian Bug Tracking System]

Your message dated Sun, 23 Feb 2014 22:04:54 +0000
with message-id <e1whham-0004yq...@franck.debian.org>
and subject line Bug#738832: fixed in file 5.11-2+deb7u1
has caused the Debian Bug report #738832,
regarding Segmentation fault in libmagic (src:file) [CVE-2014-1943]
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
738832: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=738832
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Package: file
Version: 5.11-2
Severity: grave
Tags: security

[ Re-sent to BTS by request of the security team, also updated ]

a bug in the handling of "indirect" magic rules of libmagic leads to
an infinite recursion when trying to determine the file type of
certain files. The has been assigned CVE-2014-1943. Additionally,
other well-crafted files might result in long computation times (five
seconds for a single file while using 100% CPU) and overlong results
(~400k line), something some applications that operate on the file
result might not handle in a sane way.

The issue has been made public by Bernd Melchers who initially found
this bug: http://mx.gw.com/pipermail/file/2014/001327.html

Impact is two-layered. The bug itself has been introduced years ago
(pre oldstable). From jessie on, the default magic file as shipped in
the package contains a file magic rule that is exploitable for a
segmentation fault.

In other words:

jessie: Always affected and in full scale.

squeeze/wheezy: Segmentation fault when using non-standard magic
files that use "indirect" in a certain way. Still vulnerable for the
"computation time" and "overlong" issues mentioned above.

Upstream released 5.17 last night, fixing the bug for all
reproducers I have in my collection. Backporting the patch is not
trivial but hopefully feasible. I'll give that a try later the day.

    Christoph

--- End Message ---

--- Begin Message ---

Source: file
Source-Version: 5.11-2+deb7u1

We believe that the bug you reported is fixed in the latest version of
file, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 738...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Christoph Biedl <debian.a...@manchmal.in-ulm.de> (supplier of updated file 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 13 Feb 2014 22:31:24 +0100
Source: file
Binary: file libmagic1 libmagic-dev python-magic python-magic-dbg
Architecture: source amd64
Version: 5.11-2+deb7u1
Distribution: wheezy-security
Urgency: high
Maintainer: Daniel Baumann <daniel.baum...@progress-technologies.net>
Changed-By: Christoph Biedl <debian.a...@manchmal.in-ulm.de>
Description: 
 file       - Determines file type using "magic" numbers
 libmagic-dev - File type determination library using "magic" numbers 
(developmen
 libmagic1  - File type determination library using "magic" numbers
 python-magic - File type determination library using "magic" numbers (Python 
bin
 python-magic-dbg - File type determination library using "magic" numbers 
(Python bin
Closes: 738832
Changes: 
 file (5.11-2+deb7u1) wheezy-security; urgency=high
 .
   * Fix CVE-2014-1943 for file 5.11/Debian wheezy. Closes: #738832
Checksums-Sha1: 
 bbf23b3e8caf33621b1350c313a6df5b85f187a4 1999 file_5.11-2+deb7u1.dsc
 d3a04293b110c971fced1d6f5818c45044b8855a 444104 file_5.11.orig.tar.xz
 e698c285beafb389c8eb1f4f07f4171159f2cf81 25612 file_5.11-2+deb7u1.debian.tar.xz
 c7d36e1c4c8cd300280eed99e28a2d6d8df8840b 51908 file_5.11-2+deb7u1_amd64.deb
 f255d5402185bf8ef5ca22adfde01c5d849050a4 201956 
libmagic1_5.11-2+deb7u1_amd64.deb
 3b6a49ad8b2d197dde7e7888407bc2cb87809b6e 91696 
libmagic-dev_5.11-2+deb7u1_amd64.deb
 dca66175e0f5bd266e0adf5fae60119928ac02f0 38408 
python-magic_5.11-2+deb7u1_amd64.deb
 bc0c87eddfc21cc3816857c590078078de5c1ad9 942 
python-magic-dbg_5.11-2+deb7u1_amd64.deb
Checksums-Sha256: 
 c7f14238f0634c217ee0cab251ce0a04ddf1b322ac7d96a59884ab16d0d6f325 1999 
file_5.11-2+deb7u1.dsc
 4a7c047666cf54dce00f2c5a32a6379f94203e5c886fc294bab449c1a1ae286b 444104 
file_5.11.orig.tar.xz
 dbf2bc8cd14c874b67081cd0557f37145c7e75e41ab4271ea5113b73d6927071 25612 
file_5.11-2+deb7u1.debian.tar.xz
 13bf96d8ae0901addbfb0b5cbcfef504c8a0f5fc245f30b43ce988fbea7668d8 51908 
file_5.11-2+deb7u1_amd64.deb
 22ab6c749c9fde07aa3f8bbe34a149289b4ff3ccf96fc0646eedffcedb7a57e8 201956 
libmagic1_5.11-2+deb7u1_amd64.deb
 04ecb43af50fe8433acb69476e63bf99b5c7e547c98bf1946e7e287b5f501caa 91696 
libmagic-dev_5.11-2+deb7u1_amd64.deb
 3f71b5351a40a0878b2db287cdea208cc9af4cce2dc6b74330ba7ea85610b268 38408 
python-magic_5.11-2+deb7u1_amd64.deb
 10b1d7915f0a8a7e4e446d86fab586422fd4af39eb5dd8eb1532a019b6ed282b 942 
python-magic-dbg_5.11-2+deb7u1_amd64.deb
Files: 
 a1c4efae3468dd742a8b530404bb7efc 1999 utils standard file_5.11-2+deb7u1.dsc
 8183e889f981708d45f8e57a2248101d 444104 utils standard file_5.11.orig.tar.xz
 ccdb3ac2b7a64e60210afe8ace850efb 25612 utils standard 
file_5.11-2+deb7u1.debian.tar.xz
 40f3ba87f15885cc9b9eec60127e5e8d 51908 utils standard 
file_5.11-2+deb7u1_amd64.deb
 2779f71ae1d52553c8e3ee79e67a6b97 201956 libs standard 
libmagic1_5.11-2+deb7u1_amd64.deb
 a9a56128c267ae71b878da1df5078c2a 91696 libdevel optional 
libmagic-dev_5.11-2+deb7u1_amd64.deb
 7a57dee93bd060e25fa3d53df8dbe95f 38408 python extra 
python-magic_5.11-2+deb7u1_amd64.deb
 721cbf32d1911566820bfdd1064617bf 942 debug extra 
python-magic-dbg_5.11-2+deb7u1_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCgAGBQJS/5rvAAoJEAVMuPMTQ89E8WYP/2J4YXkVa3k10CqBLJMS8CMt
W5xaeEOjacOlUHjkUt0g/hCu4POE0vvrfdp0xVlv89SpgeYDym/riJvvPgXDFc1g
7lOPBtPYYc7CB9+P9ZlISZOx7TEl4Tw/9kP1PA2qd//ol5cU/nV5lXtDVRI5klrG
eddun5JpykGJ7O0hsYp2hoUiaiG8sDznqAhZCDue2XjDRcLHzyijuskSjbxNHvF/
bcPd2hcPVG/BEybo+HK4ra2rWwaFry4JJgtJs9Qql9FXYbUQDL/EZAykmxGhQYAc
AFtnsxr6uRwWqyd6KUwS/d10jmShXjfviCasgDc+ZUpS0uswVqge83z7XX//ZFhD
j3r7IbrJZegD+CnZSZ0T0VN776Kmu43LT1GrFD3Q6r9Zk82DkH/wAg/ZFfIx+Zlm
9SLGVoOu8lfEFIhgFS026GupFCvdMVnLkkve/YXkHb1UF0UMg15aSAMkVnMjnv/Y
ofk/IUgV+/IpRiPHAQXusn5ddDlqhx/cIN50zbOrupZF3MICu/2HOBhRhBBK3jrw
stldoGR5MolXmI4lzLi0XpnZi6Ej6oR1gWuxW9hDAsk3RjMGOVBpZA5UDs1SrW1n
cB7uinU46XhLKguIYHWo+nw1uLpYFWwdmNwfeJrYPWgSwcJOfaO7UdJHz4NOm+yd
VUkcLhYYaH8vIGbTe/Bl
=I7DT
-----END PGP SIGNATURE-----

--- End Message ---