Bug 1188599 (CVE-2014-9652)

Summary: CVE-2014-9652 file: out of bounds read in mconvert()
Product: [Other] Security Response
Reporter: Vasyl Kaigorodov <vkaigoro>
Component: vulnerability
Assignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA
Severity: low
Priority: low
Version: unspecified
CC: bgollahe, bleanhar, ccoleman, dmcphers, fedora, harald, jialiu, jkaluza, jkeck, jokerman, jorton, kanderso, ksrot, lmeyer, mmaslano, mmccomas, packaging-team-maint, rcollet, webstack-team, yozone
Keywords: Security
Hardware: All
OS: Linux
Fixed In Version: php 5.4.37, php 5.5.21, php 5.6.5, file 5.21
Doc Type: Bug Fix
Doc Text:
An out-of-bounds read flaw was found in the way the file utility processed certain Pascal strings. A remote attacker could cause an application using the file utility (for example, PHP using the fileinfo module) to crash if it was used to identify the type of the attacker-supplied file.
Last Closed: 2019-06-08 02:38:39 UTC
Bug Depends On: 1204765, 1204766, 1205733, 1205734, 1238984    
Bug Blocks: 1185412, 1210213, 1210268    

Description Vasyl Kaigorodov 2015-02-03 10:58:47 UTC
An out-of-bounds memory read was reported in the file utility [1], which also affects the PHP fileinfo module.
Upstream fix that resolves this for the file utility:
https://github.com/file/file/commit/59e63838913eee47f5c120a6c53d4565af638158

PHP upstream fix:
https://github.com/php/php-src/commit/ede59c8feb4b80e1b94e4abdaa0711051e2912ab

[1]: http://bugs.gw.com/view.php?id=398

Comment 1 Francisco Alonso 2015-03-23 15:17:13 UTC
Fixed upstream in PHP 5.6.5, 5.5.21 and 5.4.37:

http://php.net/ChangeLog-5.php#5.6.5
http://php.net/ChangeLog-5.php#5.5.21
http://php.net/ChangeLog-5.php#5.4.37

Comment 2 Francisco Alonso 2015-03-23 15:28:34 UTC
Fixed upstream in file 5.21:

http://bugs.gw.com/changelog_page.php?version_id=36

Comment 7 errata-xmlrpc 2015-06-04 08:03:41 UTC
This issue has been addressed in the following products:

  Red Hat Software Collections for Red Hat Enterprise Linux 7
  Red Hat Software Collections for Red Hat Enterprise Linux 6
  Red Hat Software Collections for Red Hat Enterprise Linux 6.6 EUS
  Red Hat Software Collections for Red Hat Enterprise Linux 6.5 EUS

Via RHSA-2015:1066 https://rhn.redhat.com/errata/RHSA-2015-1066.html

Comment 8 errata-xmlrpc 2015-06-04 08:07:05 UTC
This issue has been addressed in the following products:

  Red Hat Software Collections for Red Hat Enterprise Linux 7
  Red Hat Software Collections for Red Hat Enterprise Linux 6
  Red Hat Software Collections for Red Hat Enterprise Linux 6.6 EUS
  Red Hat Software Collections for Red Hat Enterprise Linux 6.5 EUS

Via RHSA-2015:1053 https://rhn.redhat.com/errata/RHSA-2015-1053.html

Comment 9 errata-xmlrpc 2015-06-23 08:12:01 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2015:1135 https://rhn.redhat.com/errata/RHSA-2015-1135.html

Comment 13 errata-xmlrpc 2015-11-19 08:10:02 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2015:2155 https://rhn.redhat.com/errata/RHSA-2015-2155.html