Joined: 12 May 2004
|Posted: Sun Oct 08, 2017 2:26 pm Post subject: [ GLSA 201710-02 ] file
|Gentoo Linux Security Advisory
Title: file: Stack-based buffer overflow (GLSA 201710-02)
A stack-based buffer overflow was found in file, possibly resulting
in the execution of arbitrary code.
file is a utility that guesses a file format by scanning binary data for
Vulnerable: < 5.32
Unaffected: >= 5.32
Architectures: All supported architectures
An issue discovered in file allows attackers to write 20 bytes to the
stack buffer via a specially crafted .notes section.
A remote attacker, by using a specially crafted .notes section in an ELF
binary, could execute arbitrary code or cause a Denial of Service
There is no known workaround at this time.
All file users should upgrade to the latest version:
|# emerge --sync
# emerge --ask --oneshot --verbose ">=sys-apps/file-5.32"