Bugzilla – Bug 910252
VUL-1: CVE-2014-8116: file: multiple denial of service issues (resource consumption)
Last modified: 2020-09-18 12:55:52 UTC
Via rh#1171580:

CVE-2014-8116 was assigned to this issue. Thomas Jarosch of Intra2net AG reported a number of denial of service issues (resource consumption) in the ELF parser used by file(1). Using file(1) on a specially-crafted ELF binary could lead to a denial of service (resource consumption).

Upstream fixes:
https://github.com/file/file/commit/b4c01141e5367f247b84dcaf6aefbb4e741842b8
https://github.com/file/file/commit/d7cdad007c507e6c79f51f058dd77fab70ceb9f6

Due to some regressions found when testing, the following commits are also required:
https://github.com/file/file/commit/8a905717660395b38ec4966493f6f1cf2f33946c
https://github.com/file/file/commit/90018fe22ff8b74a22fcd142225b0a00f3f12677
https://github.com/file/file/commit/6bf45271eb8e0e6577b92042ce2003ba998d1686

Refer also to rh#1174606 (CVE-2014-8117)

Acknowledgements: Red Hat would like to thank Thomas Jarosch of Intra2net AG for reporting these issues.
See bug 910253 for CVE-2014-8117.
Please tell us *which* versions are affected as well as *please* provide a reproducer.
bugbot adjusting priority
Args ... currently all is not in sync on IBS!! If I mbranch I'll get the *old* tree without the fix for CVE-2014-3710 for e.g. SUSE:SLE-10-SP4
This is an autogenerated message for OBS integration:
This bug (910252) was mentioned in
https://build.opensuse.org/request/show/265566 Factory / file
Grmmm .... I have ported the patches to file-5.19 but on file-5.15 I face much more trouble:

Patch #44 (0003-reduce-recursion-level-from-20-to-10-and-make-a-symb.patch):
+ patch -p0 -s
1 out of 1 hunk FAILED -- saving rejects to file src/file.h.rej
1 out of 1 hunk FAILED -- saving rejects to file src/funcs.c.rej
3 out of 4 hunks FAILED -- saving rejects to file src/softmagic.c.rej
error: Bad exit status from /var/tmp/rpm-tmp.21653 (%prep)

and the src/softmagic.c.rej is really horrible

Q: Are file-5.15 and below really affected? Please add reproducers!
file-5.11/src/softmagic.c does not do recursion also below file-5.11
Ping?
This is an autogenerated message for OBS integration:
This bug (910252) was mentioned in
https://build.opensuse.org/request/show/265888 13.2 / file
https://build.opensuse.org/request/show/265889 13.1 / file
openSUSE-SU-2014:1721-1: An update that fixes two vulnerabilities is now available.
Category: security (moderate)
Bug References: 910252,910253
CVE References: CVE-2014-8116,CVE-2014-8117
Sources used:
openSUSE 13.1 (src): file-5.15-4.28.1, python-magic-5.15-4.28.1
SUSE-SU-2014:1730-1: An update that fixes two vulnerabilities is now available.
Category: security (moderate)
Bug References: 910252,910253
CVE References: CVE-2014-8116,CVE-2014-8117
Sources used:
SUSE Linux Enterprise Software Development Kit 12 (src): file-5.19-9.1, python-magic-5.19-9.1
SUSE Linux Enterprise Server 12 (src): file-5.19-9.1
SUSE Linux Enterprise Desktop 12 (src): file-5.19-9.1
Sorry for the very long delay. There are no reproducers for the issue. I had a look at the code and
SUSE:SLE-10-SP3:Update:Test file 4.21
SUSE:SLE-11:Update:Test file 4.24
seem to be vulnerable.
(In reply to Johannes Segitz from comment #15) Do you have a reproducer?
This is because there is no recursion in file-5.11/src/softmagic.c and below
Hmmm .... I already have submitted for SLES-11 and SLES-10
Besides this, file 4.24 and below do not do recursion in src/softmagic.c, so IMHO there is no vulnerability. If you think this is not correct then please provide an example!
This is an autogenerated message for OBS integration:
This bug (910252) was mentioned in
https://build.opensuse.org/request/show/286645 13.1 / file
https://build.opensuse.org/request/show/286646 13.2 / file
Just saw the needinfo. We talked already in person about this; older versions are not affected.
SUSE-SU-2017:3048-1: An update that solves 5 vulnerabilities and has three fixes is now available.
Category: security (moderate)
Bug References: 1009966,1063269,910252,910253,913650,913651,917152,996511
CVE References: CVE-2014-8116,CVE-2014-8117,CVE-2014-9620,CVE-2014-9621,CVE-2014-9653
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP3 (src): file-5.22-10.3.1, python-magic-5.22-10.3.1
SUSE Linux Enterprise Software Development Kit 12-SP2 (src): file-5.22-10.3.1, python-magic-5.22-10.3.1
SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (src): file-5.22-10.3.1
SUSE Linux Enterprise Server 12-SP3 (src): file-5.22-10.3.1
SUSE Linux Enterprise Server 12-SP2 (src): file-5.22-10.3.1
SUSE Linux Enterprise Desktop 12-SP3 (src): file-5.22-10.3.1
SUSE Linux Enterprise Desktop 12-SP2 (src): file-5.22-10.3.1
SUSE Container as a Service Platform ALL (src): file-5.22-10.3.1
OpenStack Cloud Magnum Orchestration 7 (src): file-5.22-10.3.1
openSUSE-SU-2017:3067-1: An update that solves 5 vulnerabilities and has three fixes is now available.
Category: security (moderate)
Bug References: 1009966,1063269,910252,910253,913650,913651,917152,996511
CVE References: CVE-2014-8116,CVE-2014-8117,CVE-2014-9620,CVE-2014-9621,CVE-2014-9653
Sources used:
openSUSE Leap 42.3 (src): file-5.22-10.1, python-magic-5.22-10.1
openSUSE Leap 42.2 (src): file-5.22-7.3.1, python-magic-5.22-7.3.1