Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Thu, 03 Jul 2014 01:49:42 -0600
From: Kurt Seifried <kseifried@...hat.com>
To: oss-security@...ts.openwall.com
Subject: Re: CVE-2014-0235 cleanup

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1



On 03/07/14 01:40 AM, Solar Designer wrote:
> Kurt,
> 
> On Thu, Jul 03, 2014 at 01:32:31AM -0600, Kurt Seifried wrote:
>> https://bugzilla.redhat.com/show_bug.cgi?id=1098222 is for a
>> single issue, an incomplete fix for CVE-2013-7345.
>> 
>> Please use CVE-2014-3538 for 
>> https://bugzilla.redhat.com/show_bug.cgi?id=1098222
> 
> Kurt, please always include (at least one-sentence) CVE
> descriptions in your postings.  Not everyone is into CVEs as much
> as you are, and not everyone will bother visiting URLs for an issue
> that is only potentially relevant to them.  In this case, it's
> "file: extensive backtracking in awk rule regular expression".
> 
> Thanks,
> 
> Alexander
> 

Ok

CVE-2014-3538 file: extensive backtracking in awk rule regular
expression (incomplete fix for CVE-2013-7345)

It was discovered the original upstream fix for the CVE-2013-7345
issue (bug 1079846) did not sufficiently address the problem.  A
specially-crafted input file could still cause file to use an
excessive amount of CPU time when trying to detect file type using awk
regular expression rule.


- -- 
Kurt Seifried -- Red Hat -- Product Security -- Cloud
PGP A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBAgAGBQJTtQsWAAoJEBYNRVNeJnmTojoP/iNFQMKEh8sk/xfdWpelfdGZ
Q7bDpQEL34DfdYU48URcHHHTfEZbsrqF89LnATFVQFRzP1YZQN8S5MbFgTZ8cQCz
tUjFXiz0IkfKc81ozZSFPYI+f6r3JZecKtYixgWunPnlSm48UTn3pQw/MS/Gt+ix
xjc1ZLeH7Ws4usOUgXc2jduFTRwUCSaiWKycAu9eY9KuuReHmPdEZ56f3D/g9EZu
XHXNUgtVpGpy9rkona3kgafTD3iyU3UFW4y857faG5QIea9W5Z6lm3l+vLJVrBs1
hPeD7m9DY93Ru4D156w8oxTSaqs4wZAIkJQgGZxvBFHYgbWQ2n2a0PeKZ4Uguwt4
g5PezQUoeAzW+4nOVb36wdR7ifuzHnqquuvvUPL5ERK+kgnZ83ujPgeOCoDBO7Bs
yK47Jvfe6gAmTnw6k+jzk7YxD+fSkYr84bwng3AEosH9mEXQIHMajdW726v8DZC9
tgdHxtx5V7fZYldEmQvYqWN6BcE/XZS5uFmQzfkTSkiANA1VifqOFD+dpBplsYrU
sTpcfZRpjGewmV7kE1upHH0vbTj8NUiWSoDjnmO4iNCdXcv3Ea0oL/CEEj0heZx5
HXAg/da1JwE4e9kI+A4Jm2mBNri3b3BHQOz74PRyRMZYRfBX21eccWKQm0Ec5NXe
v7DSJQd24wax8WzT0v2T
=FY8y
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ