Debian: New file packages fix arbitrary code execution

    Date02 Apr 2007
    CategoryDebian
    3443
    Posted ByLinuxSecurity Advisories
    Updated package.
    - ------------------------------------------------------------------------
    Debian Security Advisory DSA-1274-1                This email address is being protected from spambots. You need JavaScript enabled to view it.
    http://www.debian.org/security/                         Noah Meyerhans
    April 02, 2007
    - ------------------------------------------------------------------------
    
    Package        : file
    Vulnerability  : buffer overflow
    Problem type   : local (remote)
    Debian-specific: no
    CVE Id(s)      : CVE-2007-1536
    CERT advisory  : 606700
    BugTraq ID     : 23021
    Debian Bug     : 415362 416678
    
    An integer underflow bug has been found in the file_printf function in
    file, a tool to determine file types based analysis of file content.
    The bug could allow an attacker to execute arbitrary code by inducing a
    local user to examine a specially crafted file that triggers a buffer
    overflow.
    
    For the stable distribution (sarge), this problem has been fixed in
    version 4.12-1sarge1.
    
    For the upcoming stable distribution (etch), this problem has been fixed in
    version 4.17-5etch1.
    
    For the unstable distribution (sid), this problem has been fixed in
    4.20-1.
    
    We recommend that you upgrade your file package.
    
    Upgrade instructions
    - --------------------
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    
    Debian (testing)
    - ----------------
    
    Testing updates are available for alpha, amd64, arm, hppa, i386, ia64, m68k, mips, mipsel, powerpc, s390 and sparc.
    
    Source archives:
    
      http://security.debian.org/pool/updates/main/f/file/file_4.17-5etch1.dsc
        Size/MD5 checksum:      693 951d84ef18e8738d58cda73d1680ce66
      http://security.debian.org/pool/updates/main/f/file/file_4.17-5etch1.diff.gz
        Size/MD5 checksum:    24145 ef79b92b6d0d4af9985200abb3eb24f5
      http://security.debian.org/pool/updates/main/f/file/file_4.17.orig.tar.gz
        Size/MD5 checksum:   556270 50919c65e0181423d66bb25d7fe7b0fd
    
    alpha architecture (DEC Alpha)
    
      http://security.debian.org/pool/updates/main/f/file/file_4.17-5etch1_alpha.deb
        Size/MD5 checksum:    32578 75a84c91d0dc6e4045e0307cc62fb918
      http://security.debian.org/pool/updates/main/f/file/libmagic-dev_4.17-5etch1_alpha.deb
        Size/MD5 checksum:    70020 b69805d0887244d6b7918080df4e8b7b
      http://security.debian.org/pool/updates/main/f/file/libmagic1_4.17-5etch1_alpha.deb
        Size/MD5 checksum:   281336 6276a026bb520a16fcfb947dc725eb43
      http://security.debian.org/pool/updates/main/f/file/python-magic_4.17-5etch1_alpha.deb
        Size/MD5 checksum:    23568 94acf8d52b7856807e71b35d60eb74af
    
    amd64 architecture (AMD x86_64 (AMD64))
    
      http://security.debian.org/pool/updates/main/f/file/libmagic1_4.17-5etch1_amd64.deb
        Size/MD5 checksum:   276290 37c72fc764b288f8d4a7894f4cebf3ef
      http://security.debian.org/pool/updates/main/f/file/libmagic-dev_4.17-5etch1_amd64.deb
        Size/MD5 checksum:    56574 2aba6876dd12752ea2ecd56f898ab9af
      http://security.debian.org/pool/updates/main/f/file/file_4.17-5etch1_amd64.deb
        Size/MD5 checksum:    32104 0f00096249fe444ebb95ddae6492909c
      http://security.debian.org/pool/updates/main/f/file/python-magic_4.17-5etch1_amd64.deb
        Size/MD5 checksum:    23394 36dd3f866c7fb19e77d761b8416b4b2c
    
    arm architecture (ARM)
    
      http://security.debian.org/pool/updates/main/f/file/file_4.17-5etch1_arm.deb
        Size/MD5 checksum:    31742 43b1a7fee3dfd774824f8293e9220073
      http://security.debian.org/pool/updates/main/f/file/libmagic1_4.17-5etch1_arm.deb
        Size/MD5 checksum:   274096 1f863470c5588fbc24847bd1a1c7759f
      http://security.debian.org/pool/updates/main/f/file/libmagic-dev_4.17-5etch1_arm.deb
        Size/MD5 checksum:    53536 ee901555075f56e83be246d395e4718c
      http://security.debian.org/pool/updates/main/f/file/python-magic_4.17-5etch1_arm.deb
        Size/MD5 checksum:    22818 748d71238d5e4e1624a57eaacf28ab5c
    
    hppa architecture (HP PA RISC)
    
      http://security.debian.org/pool/updates/main/f/file/file_4.17-5etch1_hppa.deb
        Size/MD5 checksum:    32648 55eae0d1ec07c49ccfe1345884dab0f0
      http://security.debian.org/pool/updates/main/f/file/libmagic1_4.17-5etch1_hppa.deb
        Size/MD5 checksum:   281328 0921611f2e7dbf5f1d94ded1e7887321
      http://security.debian.org/pool/updates/main/f/file/libmagic-dev_4.17-5etch1_hppa.deb
        Size/MD5 checksum:    63238 69270cb5bd7219367fcf269f1c624cb0
      http://security.debian.org/pool/updates/main/f/file/python-magic_4.17-5etch1_hppa.deb
        Size/MD5 checksum:    23892 98ac67130b2f5c8faadba02c304bee05
    
    i386 architecture (Intel ia32)
    
      http://security.debian.org/pool/updates/main/f/file/libmagic1_4.17-5etch1_i386.deb
        Size/MD5 checksum:   275476 73727e6a1bee1b2050fe7d010fb832d2
      http://security.debian.org/pool/updates/main/f/file/file_4.17-5etch1_i386.deb
        Size/MD5 checksum:    31714 e016c717ba5d75feede13eeeab5f7cf3
      http://security.debian.org/pool/updates/main/f/file/python-magic_4.17-5etch1_i386.deb
        Size/MD5 checksum:    22632 d4f1bd064d6531149b5b643b102bf1da
      http://security.debian.org/pool/updates/main/f/file/libmagic-dev_4.17-5etch1_i386.deb
        Size/MD5 checksum:    53782 cb34870b1e90d01a8cf7894b8b2b3559
    
    ia64 architecture (Intel ia64)
    
      http://security.debian.org/pool/updates/main/f/file/file_4.17-5etch1_ia64.deb
        Size/MD5 checksum:    34260 4e287815dbec95b699ee6ea1b2151f7c
      http://security.debian.org/pool/updates/main/f/file/python-magic_4.17-5etch1_ia64.deb
        Size/MD5 checksum:    24600 51d7107c00e200715bddee79f4b53749
      http://security.debian.org/pool/updates/main/f/file/libmagic1_4.17-5etch1_ia64.deb
        Size/MD5 checksum:   291318 1573c597577a1db4fbca2295fb790793
      http://security.debian.org/pool/updates/main/f/file/libmagic-dev_4.17-5etch1_ia64.deb
        Size/MD5 checksum:    74386 b8c3908f66d5db52ec48d606e709beb4
    
    m68k architecture (Motorola Mc680x0)
    
      http://security.debian.org/pool/updates/main/f/file/python-magic_4.17-5etch1_m68k.deb
        Size/MD5 checksum:    22988 4eefbe6fc4cf61b37bc34854a7438b5a
      http://security.debian.org/pool/updates/main/f/file/libmagic-dev_4.17-5etch1_m68k.deb
        Size/MD5 checksum:    51348 f72decddef01b440a841a039eafb1092
      http://security.debian.org/pool/updates/main/f/file/libmagic1_4.17-5etch1_m68k.deb
        Size/MD5 checksum:   275476 ce16292818420b3de04de3dc16ff1a1e
      http://security.debian.org/pool/updates/main/f/file/file_4.17-5etch1_m68k.deb
        Size/MD5 checksum:    31570 cf983c2f04cba4ac2674fff5af0cfa5a
    
    mipsel architecture (MIPS (Little Endian))
    
      http://security.debian.org/pool/updates/main/f/file/libmagic1_4.17-5etch1_mipsel.deb
        Size/MD5 checksum:   275660 e342725b89601aba62ddb1a03f33af5c
      http://security.debian.org/pool/updates/main/f/file/python-magic_4.17-5etch1_mipsel.deb
        Size/MD5 checksum:    23052 797b6cfb28601868bb148998f8d49615
      http://security.debian.org/pool/updates/main/f/file/file_4.17-5etch1_mipsel.deb
        Size/MD5 checksum:    32322 7bc9c065901e11cec20dd0847d599667
      http://security.debian.org/pool/updates/main/f/file/libmagic-dev_4.17-5etch1_mipsel.deb
        Size/MD5 checksum:    61390 53f30479c3d8f562c14862d2c194ee0b
    
    powerpc architecture (PowerPC)
    
      http://security.debian.org/pool/updates/main/f/file/python-magic_4.17-5etch1_powerpc.deb
        Size/MD5 checksum:    24616 64e39d96465acd81c26eeae8507e343b
      http://security.debian.org/pool/updates/main/f/file/libmagic-dev_4.17-5etch1_powerpc.deb
        Size/MD5 checksum:    59796 d2fcf2ce16799b78bd09f56c7c9d6461
      http://security.debian.org/pool/updates/main/f/file/libmagic1_4.17-5etch1_powerpc.deb
        Size/MD5 checksum:   278352 c2eda0cd03692bfb6375540367a4879e
      http://security.debian.org/pool/updates/main/f/file/file_4.17-5etch1_powerpc.deb
        Size/MD5 checksum:    33726 0f5095a99deea057dfbd2a9ef1927b07
    
    s390 architecture (IBM S/390)
    
      http://security.debian.org/pool/updates/main/f/file/file_4.17-5etch1_s390.deb
        Size/MD5 checksum:    32252 ddf5036309547eeb00c80f2e3b9e475c
      http://security.debian.org/pool/updates/main/f/file/libmagic-dev_4.17-5etch1_s390.deb
        Size/MD5 checksum:    58528 ab83218ff4202b043df421c10da4b54d
      http://security.debian.org/pool/updates/main/f/file/libmagic1_4.17-5etch1_s390.deb
        Size/MD5 checksum:   278388 25db07b89c16397c0124623e1dc83711
      http://security.debian.org/pool/updates/main/f/file/python-magic_4.17-5etch1_s390.deb
        Size/MD5 checksum:    23552 400fb303defedd99650f169d8aac9a07
    
    sparc architecture (Sun SPARC/UltraSPARC)
    
      http://security.debian.org/pool/updates/main/f/file/libmagic-dev_4.17-5etch1_sparc.deb
        Size/MD5 checksum:    55700 d0032c600fb63d0dc4a75d2418cf1011
      http://security.debian.org/pool/updates/main/f/file/file_4.17-5etch1_sparc.deb
        Size/MD5 checksum:    31868 7c102bd051db8b5ab30115e738b14165
      http://security.debian.org/pool/updates/main/f/file/libmagic1_4.17-5etch1_sparc.deb
        Size/MD5 checksum:   275312 dad1ced332b6cd4f589ce5092e2cf6aa
      http://security.debian.org/pool/updates/main/f/file/python-magic_4.17-5etch1_sparc.deb
        Size/MD5 checksum:    22866 2d7a344cf2dafa77f7715f87ebb95bec
    
    Debian 3.1 (stable)
    - -------------------
    
    Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, m68k, mips, mipsel, powerpc, s390 and sparc.
    
    Source archives:
    
      http://security.debian.org/pool/updates/main/f/file/file_4.12-1sarge1.diff.gz
        Size/MD5 checksum:    17938 280dd71f4e252f06075c39bfaa299c30
      http://security.debian.org/pool/updates/main/f/file/file_4.12.orig.tar.gz
        Size/MD5 checksum:   414600 09488a9d62bc6627b48a8c93e12d72f8
      http://security.debian.org/pool/updates/main/f/file/file_4.12-1sarge1.dsc
        Size/MD5 checksum:      617 35369fd62fb18da83aaeb7c4f344dd4c
    
    alpha architecture (DEC Alpha)
    
      http://security.debian.org/pool/updates/main/f/file/libmagic1_4.12-1sarge1_alpha.deb
        Size/MD5 checksum:   238446 6ab7e10b3ccd6996257358441944cc4c
      http://security.debian.org/pool/updates/main/f/file/libmagic-dev_4.12-1sarge1_alpha.deb
        Size/MD5 checksum:    60372 5d9f2ab63560957deaaf094402876595
      http://security.debian.org/pool/updates/main/f/file/file_4.12-1sarge1_alpha.deb
        Size/MD5 checksum:    29802 2a93ec360a35a307275f5289835756ee
    
    amd64 architecture (AMD x86_64 (AMD64))
    
      http://security.debian.org/pool/updates/main/f/file/libmagic-dev_4.12-1sarge1_amd64.deb
        Size/MD5 checksum:    48820 94792b5f5fc9d54a048ed5fd84f68bd8
      http://security.debian.org/pool/updates/main/f/file/libmagic1_4.12-1sarge1_amd64.deb
        Size/MD5 checksum:   234488 0eb406eb95834f062d48ac634d9f692a
      http://security.debian.org/pool/updates/main/f/file/file_4.12-1sarge1_amd64.deb
        Size/MD5 checksum:    29392 083ff4d77e47544fc823abd5cde77c3b
    
    arm architecture (ARM)
    
      http://security.debian.org/pool/updates/main/f/file/libmagic-dev_4.12-1sarge1_arm.deb
        Size/MD5 checksum:    48120 75fb618134a4d6b76e5899273ac7abce
      http://security.debian.org/pool/updates/main/f/file/file_4.12-1sarge1_arm.deb
        Size/MD5 checksum:    28770 a7be2037c858590be36fb0ddab26232a
      http://security.debian.org/pool/updates/main/f/file/libmagic1_4.12-1sarge1_arm.deb
        Size/MD5 checksum:   231616 58646ecdaaac4fee66d65cedb9d7afa3
    
    hppa architecture (HP PA RISC)
    
      http://security.debian.org/pool/updates/main/f/file/libmagic-dev_4.12-1sarge1_hppa.deb
        Size/MD5 checksum:    52528 271a0268649c27e6a0a5a3363d660158
      http://security.debian.org/pool/updates/main/f/file/libmagic1_4.12-1sarge1_hppa.deb
        Size/MD5 checksum:   238184 6ea1a29a90b1b6571c657d80f70fd8b7
      http://security.debian.org/pool/updates/main/f/file/file_4.12-1sarge1_hppa.deb
        Size/MD5 checksum:    29892 90f8c9693d044447b3936c525f07ac71
    
    i386 architecture (Intel ia32)
    
      http://security.debian.org/pool/updates/main/f/file/file_4.12-1sarge1_i386.deb
        Size/MD5 checksum:    28778 5dc2a6e2ae0e369822375952d4f09661
      http://security.debian.org/pool/updates/main/f/file/libmagic-dev_4.12-1sarge1_i386.deb
        Size/MD5 checksum:    45386 3526099e71273498e46541578303ca4c
      http://security.debian.org/pool/updates/main/f/file/libmagic1_4.12-1sarge1_i386.deb
        Size/MD5 checksum:   234522 606140908844c8181f9e0a53c15374e4
    
    ia64 architecture (Intel ia64)
    
      http://security.debian.org/pool/updates/main/f/file/libmagic1_4.12-1sarge1_ia64.deb
        Size/MD5 checksum:   244072 3cbf0c667572a10a5f8579d53eafbe3d
      http://security.debian.org/pool/updates/main/f/file/libmagic-dev_4.12-1sarge1_ia64.deb
        Size/MD5 checksum:    61296 267571facbab4099dbfb12d89400e74c
      http://security.debian.org/pool/updates/main/f/file/file_4.12-1sarge1_ia64.deb
        Size/MD5 checksum:    30942 88099993187e92e188802b7d8996fda9
    
    m68k architecture (Motorola Mc680x0)
    
      http://security.debian.org/pool/updates/main/f/file/libmagic1_4.12-1sarge1_m68k.deb
        Size/MD5 checksum:   232484 c35535ce37901120062d47431066e946
      http://security.debian.org/pool/updates/main/f/file/file_4.12-1sarge1_m68k.deb
        Size/MD5 checksum:    28710 601b08cb90d21aac8bed905e2d554a84
      http://security.debian.org/pool/updates/main/f/file/libmagic-dev_4.12-1sarge1_m68k.deb
        Size/MD5 checksum:    42630 82849929ce261da16590c876a2e7a978
    
    mips architecture (MIPS (Big Endian))
    
      http://security.debian.org/pool/updates/main/f/file/libmagic1_4.12-1sarge1_mips.deb
        Size/MD5 checksum:   234744 0a50e0dfe8370a65a0899943c1bd6506
      http://security.debian.org/pool/updates/main/f/file/libmagic-dev_4.12-1sarge1_mips.deb
        Size/MD5 checksum:    52510 fcb6e150660aff04c5b487e999814a03
      http://security.debian.org/pool/updates/main/f/file/file_4.12-1sarge1_mips.deb
        Size/MD5 checksum:    29620 36c0183df84f44516c6e32668a2236b1
    
    mipsel architecture (MIPS (Little Endian))
    
      http://security.debian.org/pool/updates/main/f/file/libmagic-dev_4.12-1sarge1_mipsel.deb
        Size/MD5 checksum:    52534 6d556dcaaf27cdc86a69b1fe11c89b8b
      http://security.debian.org/pool/updates/main/f/file/libmagic1_4.12-1sarge1_mipsel.deb
        Size/MD5 checksum:   234558 aaed5e4d40c36b31f201c93613dd0c20
      http://security.debian.org/pool/updates/main/f/file/file_4.12-1sarge1_mipsel.deb
        Size/MD5 checksum:    29620 c00d1715534ff3b95a6c6156290e4800
    
    powerpc architecture (PowerPC)
    
      http://security.debian.org/pool/updates/main/f/file/libmagic1_4.12-1sarge1_powerpc.deb
        Size/MD5 checksum:   236644 1f7fbf49b8818db458ead63b043d8fea
      http://security.debian.org/pool/updates/main/f/file/file_4.12-1sarge1_powerpc.deb
        Size/MD5 checksum:    30658 7152ead6e4a9e9f37fde881577f02caa
      http://security.debian.org/pool/updates/main/f/file/libmagic-dev_4.12-1sarge1_powerpc.deb
        Size/MD5 checksum:    51396 16ff41ac4bbfcc6565b5145c17aedf80
    
    s390 architecture (IBM S/390)
    
      http://security.debian.org/pool/updates/main/f/file/file_4.12-1sarge1_s390.deb
        Size/MD5 checksum:    29450 66990243c08fcccf849951cea6d4dedb
      http://security.debian.org/pool/updates/main/f/file/libmagic-dev_4.12-1sarge1_s390.deb
        Size/MD5 checksum:    50394 f39ed1ee907ec2e1c498aad4dbddcdef
      http://security.debian.org/pool/updates/main/f/file/libmagic1_4.12-1sarge1_s390.deb
        Size/MD5 checksum:   236116 b5cda283c9db32b89e5441194a335302
    
    sparc architecture (Sun SPARC/UltraSPARC)
    
      http://security.debian.org/pool/updates/main/f/file/file_4.12-1sarge1_sparc.deb
        Size/MD5 checksum:    28856 11efe46dea9c9b490783766edb31d521
      http://security.debian.org/pool/updates/main/f/file/libmagic-dev_4.12-1sarge1_sparc.deb
        Size/MD5 checksum:    48308 ea756379607f0078a1d58a87b1c4ec6b
      http://security.debian.org/pool/updates/main/f/file/libmagic1_4.12-1sarge1_sparc.deb
        Size/MD5 checksum:   234004 32eecd3db459b68c992cd3e87d9f15c1
    
    
      These files will probably be moved into the stable distribution on
      its next update.
    
    - ---------------------------------------------------------------------------------
    For apt-get: deb http://security.debian.org/ stable/updates main
    For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
    Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.
    
    You are not authorised to post comments.

    Comments powered by CComment

    LinuxSecurity Poll

    What do you think of the articles on LinuxSecurity?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/24-what-do-you-think-of-the-quality-of-the-articles-on-linuxsecurity?task=poll.vote&format=json
    24
    radio
    [{"id":"87","title":"Excellent, don't change a thing!","votes":"25","type":"x","order":"1","pct":55.56,"resources":[]},{"id":"88","title":"Should be more technical","votes":"5","type":"x","order":"2","pct":11.11,"resources":[]},{"id":"89","title":"Should include more HOWTOs","votes":"15","type":"x","order":"3","pct":33.33,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.