[opensuse-security] file(1) vulnerability? (CVE-2007-1536)
Hello,

are SuSE/OpenSuSE distributions vulnerable to CVE-2007-1536 (file(1) buffer overflow), too? I could not find any info about that, neither at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1536 nor at http://www.securityfocus.com/bid/23021 where many distros are mentioned, but not SuSE.

Any hints?

Best regards
Matthias

---------------------------------------------------------------------
To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-security+help@opensuse.org

On Mon, Mar 26, 2007 at 05:24:19PM +0200, Matthias Ferdinand wrote:
> Hello,
>
> are SuSE/OpenSuSE distributions vulnerable to CVE-2007-1536 (file(1) buffer overflow), too? I could not find any info about that, neither at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1536 nor at http://www.securityfocus.com/bid/23021 where many distros are mentioned, but not SuSE.

Yes. However it is likely not exploitable, the heap checking abort()s file pretty quickly.

We are already preparing updates.

Ciao, Marcus

participants (2)
- Marcus Meissner
- Matthias Ferdinand