Bug 1180639 (CVE-2014-9620)

Summary: CVE-2014-9620 file: limit the number of ELF notes processed
Product: [Other] Security Response Reporter: Vasyl Kaigorodov <vkaigoro>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: low Docs Contact:
Priority: low    
Version: unspecifiedCC: harald, jkaluza, jorton, jrusnack, mmaslano, mmcallis, packaging-team-maint, rcollet, webstack-team
Target Milestone: ---Keywords: Reopened, Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: file 5.22 Doc Type: Bug Fix
Doc Text:
A flaw was found in the way the File Information (fileinfo) extension parsed Executable and Linkable Format (ELF) files. A remote attacker could use this flaw to crash a PHP application using fileinfo via a specially crafted ELF file.
Story Points: ---
Clone Of: Environment:
Last Closed: 2019-06-08 02:37:41 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Bug Depends On: 1180640, 1284826    
Bug Blocks: 1180646, 1278736    

Description Vasyl Kaigorodov 2015-01-09 15:44:49 UTC
It was reported [1] that file versions prior to 5.22 did not limit the number of ELF notes processed, which could lead to a local resource exhaustion.

Upstream fix:
https://github.com/file/file/commit/ce90e05774dd77d86cfc8dfa6da57b32816841c4

This issue seems to be introduced here:
https://github.com/file/file/commit/956a45ab1c54b11304b367056f41905e72a02380#diff-bc5c24ef9f39a5f4963ca28ecbc645b3L423
which ended up in 5.08 release.

[1]: http://mx.gw.com/pipermail/file/2014/001653.html

Comment 1 Vasyl Kaigorodov 2015-01-09 15:45:17 UTC
Created file tracking bugs for this issue:

Affects: fedora-all [bug 1180640]

Comment 3 Francisco Alonso 2015-03-30 14:58:46 UTC
*** Bug 1175082 has been marked as a duplicate of this bug. ***

Comment 5 errata-xmlrpc 2016-05-10 19:47:42 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6

Via RHSA-2016:0760 https://rhn.redhat.com/errata/RHSA-2016-0760.html