Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <4F42BFE8.7030102@redhat.com>
Date: Mon, 20 Feb 2012 14:49:28 -0700
From: Kurt Seifried <kseifried@...hat.com>
To: oss-security@...ts.openwall.com
CC: "CERT(R) Coordination Center" <cert@...t.org>
Subject: Re: Bugs in "file" program VU#621745

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 02/20/2012 10:53 AM, CERT(R) Coordination Center wrote:
> Hi folks,
> 
> We recently pointed the CERT BFF at the ubiquitous "file" command
> and found a few bugs.  While we've not proven the bugs to be
> exploitable, we've also not ruled out the possibility that they
> could be.
> 
> Fixes were committed on Feb 16, 2012: 
> https://github.com/glensc/file/commits/master
> 
> 
> Thank you, Will Dormann
> 
> ============================= Vulnerability Analyst CERT
> Coordination Center 4500 Fifth Ave. Pittsburgh, PA 15213 
> 1-412-268-7090 =============================
> 

If any of these are security issues please let me know and I will
assign CVE #'s.

- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBAgAGBQJPQr/oAAoJEBYNRVNeJnmTlZcP/2jltmmsUM84A5nH+JjWREDn
m7Ywd2Jbo/fxr9c09jjakHscVqJLA1VjBtKOB7zcWYyR6St7P4vAIsQMo1yWGel9
fz9W5mfSKxErHM4nlFhaHOND8B1KQ73Dtk5ojDPkGuRfDxkT86rEraOPyccMTVue
xNz4P9+X8tgz0M5Zlrflm2CkyN3K9ls0ZZffFQsjAdOaEMuTkkq+POSGHvgN378r
oStze+kvg+aS2klP0D7ik7A3DJYzaFiRw425AgXaFkHPtR+AMt6/fopOSRv+x+wB
A4THNe7G0LEA1dxBNmCFaG+FW9e8SZjlRkoDfmpT4vVFcumB1pEK4R6a4E5nOH4w
xKmaKIc2x7nBTMKjZfiFWr7reb4+Ml9WvR5RGOf4zsTR8HRqYZxzfQAkSCzi0rPZ
kvNTRAvvHYFeKQy+XZZD+AZoIrj8y62foH2YKrEBnwp7y+7J4kKZHdkIGZjn8g9L
mhb0YXTZuH4OcT+dNE1SryvWCeNmc9cY+GKQ/Fl+rmIqeO5fqDLunzbqGmGYvA7J
Xyhx8bXmjBfkPm2yYKokAGdpR8qsWWLwnAphnM+TLRSK/ro7E+PBW1rl9Ioz3//v
Qljs+CcIjx4iff14JBazuACQ0kORy8uG9tQBq48uwSQDB2apHOHPJ2EAT47tJkXG
KL5sxD25MfFrCMH0dj40
=GhYv
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.