Contributed by jose on from the strange-but-true dept.
"http://www.idefense.com/advisory/03.04.03.txt
It looks like no -stable updates to file will be provided, but if you run OpenBSD 3.2-stable (and probably 3.1-stable) you may want to roll your own patch for this. Basically, some products run file(1) to figure out how to process unknown data. If you routinely run file(1) on untrusted data, you may want to prepare your own patch. From the looks of things you can drop -current's source code for file(1) into a 3.2 system.
OpenBSD's version of file is 3.22 and therefore vulnerable, but so far there seems to be no errata entry on the OpenBSD site. I just finished cvs'ing 3.2-stable, but there seem to be no updates to file(1) at all."