Bug 1098209 (CVE-2014-0236)
| Summary: | CVE-2014-0236 file: root_storage NULL pointer dereference flaw in CDF parser | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Francisco Alonso <falonso> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED NOTABUG | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | unspecified | CC: | bressers, carnil, falonso, rcollet, security-response-team |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | | Doc Type: | Bug Fix |
| Doc Text: | | Story Points: | --- |
| Clone Of: | | Environment: | |
| Last Closed: | 2014-06-30 10:57:35 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | |||
| Bug Blocks: | 1065838 | ||
Description
Francisco Alonso
2014-05-15 13:30:50 UTC
Acknowledgment: This issue was discovered by Francisco Alonso of the Red Hat Security Response Team.

Upstream fix (src/readcdf.c part of this upstream commit): https://github.com/file/file/commit/6d209c1c489457397a5763bca4b28e43aac90391#diff-1

The versions of file in current Red Hat Enterprise Linux and Fedora versions, as well as versions of file included in the php packages in current Red Hat Enterprise Linux and Fedora versions, are older than 5.18 and hence are not affected by this issue.

Statement: Not vulnerable. This issue did not affect the versions of file, php, and php53 as shipped with Red Hat Enterprise Linux 5 and 6.