Message-ID: <46D465FE.9050602@shockley.net>
Date: Tue, 28 Aug 2007 14:14:22 -0400
From: Steve Shockley <steve.shockley@...ckley.net>
To: bugtraq@...urityfocus.com
Subject: Re: OpenBSD 4.1 - Heap overflow vulnerabillity

acheddamiman@...il.com wrote:
> The command "file" is vulnerable to heap overflow.
>
> Solution:
>
> Patch the kernel source with:
> ftp://ftp.openbsd.org/pub/OpenBSD/patches/4.1/common/009_file.patch
>
> By AchedDamiman

This is CVE-2007-1536, discovered by Jean-Sebastien Guay-Leroux.
Patches are also available for OpenBSD 4.0:

http://openbsd.org/errata40.html#015_file