Linux Security
    Linux Security
    Linux Security

    Debian: file fix arbitrary code execution DSA-1274-1

    Date 02 Apr 2007
    3587
    Posted By LinuxSecurity Advisories
    Updated package.
    - ------------------------------------------------------------------------
    Debian Security Advisory DSA-1274-1                This email address is being protected from spambots. You need JavaScript enabled to view it.
    https://www.debian.org/security/                         Noah Meyerhans
    April 02, 2007
    - ------------------------------------------------------------------------
    
    Package        : file
    Vulnerability  : buffer overflow
    Problem type   : local (remote)
    Debian-specific: no
    CVE Id(s)      : CVE-2007-1536
    CERT advisory  : 606700
    BugTraq ID     : 23021
    Debian Bug     : 415362 416678
    
    An integer underflow bug has been found in the file_printf function in
    file, a tool to determine file types based analysis of file content.
    The bug could allow an attacker to execute arbitrary code by inducing a
    local user to examine a specially crafted file that triggers a buffer
    overflow.
    
    For the stable distribution (sarge), this problem has been fixed in
    version 4.12-1sarge1.
    
    For the upcoming stable distribution (etch), this problem has been fixed in
    version 4.17-5etch1.
    
    For the unstable distribution (sid), this problem has been fixed in
    4.20-1.
    
    We recommend that you upgrade your file package.
    
    Upgrade instructions
    - --------------------
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    
    Debian (testing)
    - ----------------
    
    Testing updates are available for alpha, amd64, arm, hppa, i386, ia64, m68k, mips, mipsel, powerpc, s390 and sparc.
    
    Source archives:
    
      https://security.debian.org/pool/updates/main/f/file/file_4.17-5etch1.dsc
        Size/MD5 checksum:      693 951d84ef18e8738d58cda73d1680ce66
      https://security.debian.org/pool/updates/main/f/file/file_4.17-5etch1.diff.gz
        Size/MD5 checksum:    24145 ef79b92b6d0d4af9985200abb3eb24f5
      https://security.debian.org/pool/updates/main/f/file/file_4.17.orig.tar.gz
        Size/MD5 checksum:   556270 50919c65e0181423d66bb25d7fe7b0fd
    
    alpha architecture (DEC Alpha)
    
      https://security.debian.org/pool/updates/main/f/file/file_4.17-5etch1_alpha.deb
        Size/MD5 checksum:    32578 75a84c91d0dc6e4045e0307cc62fb918
      https://security.debian.org/pool/updates/main/f/file/libmagic-dev_4.17-5etch1_alpha.deb
        Size/MD5 checksum:    70020 b69805d0887244d6b7918080df4e8b7b
      https://security.debian.org/pool/updates/main/f/file/libmagic1_4.17-5etch1_alpha.deb
        Size/MD5 checksum:   281336 6276a026bb520a16fcfb947dc725eb43
      https://security.debian.org/pool/updates/main/f/file/python-magic_4.17-5etch1_alpha.deb
        Size/MD5 checksum:    23568 94acf8d52b7856807e71b35d60eb74af
    
    amd64 architecture (AMD x86_64 (AMD64))
    
      https://security.debian.org/pool/updates/main/f/file/libmagic1_4.17-5etch1_amd64.deb
        Size/MD5 checksum:   276290 37c72fc764b288f8d4a7894f4cebf3ef
      https://security.debian.org/pool/updates/main/f/file/libmagic-dev_4.17-5etch1_amd64.deb
        Size/MD5 checksum:    56574 2aba6876dd12752ea2ecd56f898ab9af
      https://security.debian.org/pool/updates/main/f/file/file_4.17-5etch1_amd64.deb
        Size/MD5 checksum:    32104 0f00096249fe444ebb95ddae6492909c
      https://security.debian.org/pool/updates/main/f/file/python-magic_4.17-5etch1_amd64.deb
        Size/MD5 checksum:    23394 36dd3f866c7fb19e77d761b8416b4b2c
    
    arm architecture (ARM)
    
      https://security.debian.org/pool/updates/main/f/file/file_4.17-5etch1_arm.deb
        Size/MD5 checksum:    31742 43b1a7fee3dfd774824f8293e9220073
      https://security.debian.org/pool/updates/main/f/file/libmagic1_4.17-5etch1_arm.deb
        Size/MD5 checksum:   274096 1f863470c5588fbc24847bd1a1c7759f
      https://security.debian.org/pool/updates/main/f/file/libmagic-dev_4.17-5etch1_arm.deb
        Size/MD5 checksum:    53536 ee901555075f56e83be246d395e4718c
      https://security.debian.org/pool/updates/main/f/file/python-magic_4.17-5etch1_arm.deb
        Size/MD5 checksum:    22818 748d71238d5e4e1624a57eaacf28ab5c
    
    hppa architecture (HP PA RISC)
    
      https://security.debian.org/pool/updates/main/f/file/file_4.17-5etch1_hppa.deb
        Size/MD5 checksum:    32648 55eae0d1ec07c49ccfe1345884dab0f0
      https://security.debian.org/pool/updates/main/f/file/libmagic1_4.17-5etch1_hppa.deb
        Size/MD5 checksum:   281328 0921611f2e7dbf5f1d94ded1e7887321
      https://security.debian.org/pool/updates/main/f/file/libmagic-dev_4.17-5etch1_hppa.deb
        Size/MD5 checksum:    63238 69270cb5bd7219367fcf269f1c624cb0
      https://security.debian.org/pool/updates/main/f/file/python-magic_4.17-5etch1_hppa.deb
        Size/MD5 checksum:    23892 98ac67130b2f5c8faadba02c304bee05
    
    i386 architecture (Intel ia32)
    
      https://security.debian.org/pool/updates/main/f/file/libmagic1_4.17-5etch1_i386.deb
        Size/MD5 checksum:   275476 73727e6a1bee1b2050fe7d010fb832d2
      https://security.debian.org/pool/updates/main/f/file/file_4.17-5etch1_i386.deb
        Size/MD5 checksum:    31714 e016c717ba5d75feede13eeeab5f7cf3
      https://security.debian.org/pool/updates/main/f/file/python-magic_4.17-5etch1_i386.deb
        Size/MD5 checksum:    22632 d4f1bd064d6531149b5b643b102bf1da
      https://security.debian.org/pool/updates/main/f/file/libmagic-dev_4.17-5etch1_i386.deb
        Size/MD5 checksum:    53782 cb34870b1e90d01a8cf7894b8b2b3559
    
    ia64 architecture (Intel ia64)
    
      https://security.debian.org/pool/updates/main/f/file/file_4.17-5etch1_ia64.deb
        Size/MD5 checksum:    34260 4e287815dbec95b699ee6ea1b2151f7c
      https://security.debian.org/pool/updates/main/f/file/python-magic_4.17-5etch1_ia64.deb
        Size/MD5 checksum:    24600 51d7107c00e200715bddee79f4b53749
      https://security.debian.org/pool/updates/main/f/file/libmagic1_4.17-5etch1_ia64.deb
        Size/MD5 checksum:   291318 1573c597577a1db4fbca2295fb790793
      https://security.debian.org/pool/updates/main/f/file/libmagic-dev_4.17-5etch1_ia64.deb
        Size/MD5 checksum:    74386 b8c3908f66d5db52ec48d606e709beb4
    
    m68k architecture (Motorola Mc680x0)
    
      https://security.debian.org/pool/updates/main/f/file/python-magic_4.17-5etch1_m68k.deb
        Size/MD5 checksum:    22988 4eefbe6fc4cf61b37bc34854a7438b5a
      https://security.debian.org/pool/updates/main/f/file/libmagic-dev_4.17-5etch1_m68k.deb
        Size/MD5 checksum:    51348 f72decddef01b440a841a039eafb1092
      https://security.debian.org/pool/updates/main/f/file/libmagic1_4.17-5etch1_m68k.deb
        Size/MD5 checksum:   275476 ce16292818420b3de04de3dc16ff1a1e
      https://security.debian.org/pool/updates/main/f/file/file_4.17-5etch1_m68k.deb
        Size/MD5 checksum:    31570 cf983c2f04cba4ac2674fff5af0cfa5a
    
    mipsel architecture (MIPS (Little Endian))
    
      https://security.debian.org/pool/updates/main/f/file/libmagic1_4.17-5etch1_mipsel.deb
        Size/MD5 checksum:   275660 e342725b89601aba62ddb1a03f33af5c
      https://security.debian.org/pool/updates/main/f/file/python-magic_4.17-5etch1_mipsel.deb
        Size/MD5 checksum:    23052 797b6cfb28601868bb148998f8d49615
      https://security.debian.org/pool/updates/main/f/file/file_4.17-5etch1_mipsel.deb
        Size/MD5 checksum:    32322 7bc9c065901e11cec20dd0847d599667
      https://security.debian.org/pool/updates/main/f/file/libmagic-dev_4.17-5etch1_mipsel.deb
        Size/MD5 checksum:    61390 53f30479c3d8f562c14862d2c194ee0b
    
    powerpc architecture (PowerPC)
    
      https://security.debian.org/pool/updates/main/f/file/python-magic_4.17-5etch1_powerpc.deb
        Size/MD5 checksum:    24616 64e39d96465acd81c26eeae8507e343b
      https://security.debian.org/pool/updates/main/f/file/libmagic-dev_4.17-5etch1_powerpc.deb
        Size/MD5 checksum:    59796 d2fcf2ce16799b78bd09f56c7c9d6461
      https://security.debian.org/pool/updates/main/f/file/libmagic1_4.17-5etch1_powerpc.deb
        Size/MD5 checksum:   278352 c2eda0cd03692bfb6375540367a4879e
      https://security.debian.org/pool/updates/main/f/file/file_4.17-5etch1_powerpc.deb
        Size/MD5 checksum:    33726 0f5095a99deea057dfbd2a9ef1927b07
    
    s390 architecture (IBM S/390)
    
      https://security.debian.org/pool/updates/main/f/file/file_4.17-5etch1_s390.deb
        Size/MD5 checksum:    32252 ddf5036309547eeb00c80f2e3b9e475c
      https://security.debian.org/pool/updates/main/f/file/libmagic-dev_4.17-5etch1_s390.deb
        Size/MD5 checksum:    58528 ab83218ff4202b043df421c10da4b54d
      https://security.debian.org/pool/updates/main/f/file/libmagic1_4.17-5etch1_s390.deb
        Size/MD5 checksum:   278388 25db07b89c16397c0124623e1dc83711
      https://security.debian.org/pool/updates/main/f/file/python-magic_4.17-5etch1_s390.deb
        Size/MD5 checksum:    23552 400fb303defedd99650f169d8aac9a07
    
    sparc architecture (Sun SPARC/UltraSPARC)
    
      https://security.debian.org/pool/updates/main/f/file/libmagic-dev_4.17-5etch1_sparc.deb
        Size/MD5 checksum:    55700 d0032c600fb63d0dc4a75d2418cf1011
      https://security.debian.org/pool/updates/main/f/file/file_4.17-5etch1_sparc.deb
        Size/MD5 checksum:    31868 7c102bd051db8b5ab30115e738b14165
      https://security.debian.org/pool/updates/main/f/file/libmagic1_4.17-5etch1_sparc.deb
        Size/MD5 checksum:   275312 dad1ced332b6cd4f589ce5092e2cf6aa
      https://security.debian.org/pool/updates/main/f/file/python-magic_4.17-5etch1_sparc.deb
        Size/MD5 checksum:    22866 2d7a344cf2dafa77f7715f87ebb95bec
    
    Debian 3.1 (stable)
    - -------------------
    
    Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, m68k, mips, mipsel, powerpc, s390 and sparc.
    
    Source archives:
    
      https://security.debian.org/pool/updates/main/f/file/file_4.12-1sarge1.diff.gz
        Size/MD5 checksum:    17938 280dd71f4e252f06075c39bfaa299c30
      https://security.debian.org/pool/updates/main/f/file/file_4.12.orig.tar.gz
        Size/MD5 checksum:   414600 09488a9d62bc6627b48a8c93e12d72f8
      https://security.debian.org/pool/updates/main/f/file/file_4.12-1sarge1.dsc
        Size/MD5 checksum:      617 35369fd62fb18da83aaeb7c4f344dd4c
    
    alpha architecture (DEC Alpha)
    
      https://security.debian.org/pool/updates/main/f/file/libmagic1_4.12-1sarge1_alpha.deb
        Size/MD5 checksum:   238446 6ab7e10b3ccd6996257358441944cc4c
      https://security.debian.org/pool/updates/main/f/file/libmagic-dev_4.12-1sarge1_alpha.deb
        Size/MD5 checksum:    60372 5d9f2ab63560957deaaf094402876595
      https://security.debian.org/pool/updates/main/f/file/file_4.12-1sarge1_alpha.deb
        Size/MD5 checksum:    29802 2a93ec360a35a307275f5289835756ee
    
    amd64 architecture (AMD x86_64 (AMD64))
    
      https://security.debian.org/pool/updates/main/f/file/libmagic-dev_4.12-1sarge1_amd64.deb
        Size/MD5 checksum:    48820 94792b5f5fc9d54a048ed5fd84f68bd8
      https://security.debian.org/pool/updates/main/f/file/libmagic1_4.12-1sarge1_amd64.deb
        Size/MD5 checksum:   234488 0eb406eb95834f062d48ac634d9f692a
      https://security.debian.org/pool/updates/main/f/file/file_4.12-1sarge1_amd64.deb
        Size/MD5 checksum:    29392 083ff4d77e47544fc823abd5cde77c3b
    
    arm architecture (ARM)
    
      https://security.debian.org/pool/updates/main/f/file/libmagic-dev_4.12-1sarge1_arm.deb
        Size/MD5 checksum:    48120 75fb618134a4d6b76e5899273ac7abce
      https://security.debian.org/pool/updates/main/f/file/file_4.12-1sarge1_arm.deb
        Size/MD5 checksum:    28770 a7be2037c858590be36fb0ddab26232a
      https://security.debian.org/pool/updates/main/f/file/libmagic1_4.12-1sarge1_arm.deb
        Size/MD5 checksum:   231616 58646ecdaaac4fee66d65cedb9d7afa3
    
    hppa architecture (HP PA RISC)
    
      https://security.debian.org/pool/updates/main/f/file/libmagic-dev_4.12-1sarge1_hppa.deb
        Size/MD5 checksum:    52528 271a0268649c27e6a0a5a3363d660158
      https://security.debian.org/pool/updates/main/f/file/libmagic1_4.12-1sarge1_hppa.deb
        Size/MD5 checksum:   238184 6ea1a29a90b1b6571c657d80f70fd8b7
      https://security.debian.org/pool/updates/main/f/file/file_4.12-1sarge1_hppa.deb
        Size/MD5 checksum:    29892 90f8c9693d044447b3936c525f07ac71
    
    i386 architecture (Intel ia32)
    
      https://security.debian.org/pool/updates/main/f/file/file_4.12-1sarge1_i386.deb
        Size/MD5 checksum:    28778 5dc2a6e2ae0e369822375952d4f09661
      https://security.debian.org/pool/updates/main/f/file/libmagic-dev_4.12-1sarge1_i386.deb
        Size/MD5 checksum:    45386 3526099e71273498e46541578303ca4c
      https://security.debian.org/pool/updates/main/f/file/libmagic1_4.12-1sarge1_i386.deb
        Size/MD5 checksum:   234522 606140908844c8181f9e0a53c15374e4
    
    ia64 architecture (Intel ia64)
    
      https://security.debian.org/pool/updates/main/f/file/libmagic1_4.12-1sarge1_ia64.deb
        Size/MD5 checksum:   244072 3cbf0c667572a10a5f8579d53eafbe3d
      https://security.debian.org/pool/updates/main/f/file/libmagic-dev_4.12-1sarge1_ia64.deb
        Size/MD5 checksum:    61296 267571facbab4099dbfb12d89400e74c
      https://security.debian.org/pool/updates/main/f/file/file_4.12-1sarge1_ia64.deb
        Size/MD5 checksum:    30942 88099993187e92e188802b7d8996fda9
    
    m68k architecture (Motorola Mc680x0)
    
      https://security.debian.org/pool/updates/main/f/file/libmagic1_4.12-1sarge1_m68k.deb
        Size/MD5 checksum:   232484 c35535ce37901120062d47431066e946
      https://security.debian.org/pool/updates/main/f/file/file_4.12-1sarge1_m68k.deb
        Size/MD5 checksum:    28710 601b08cb90d21aac8bed905e2d554a84
      https://security.debian.org/pool/updates/main/f/file/libmagic-dev_4.12-1sarge1_m68k.deb
        Size/MD5 checksum:    42630 82849929ce261da16590c876a2e7a978
    
    mips architecture (MIPS (Big Endian))
    
      https://security.debian.org/pool/updates/main/f/file/libmagic1_4.12-1sarge1_mips.deb
        Size/MD5 checksum:   234744 0a50e0dfe8370a65a0899943c1bd6506
      https://security.debian.org/pool/updates/main/f/file/libmagic-dev_4.12-1sarge1_mips.deb
        Size/MD5 checksum:    52510 fcb6e150660aff04c5b487e999814a03
      https://security.debian.org/pool/updates/main/f/file/file_4.12-1sarge1_mips.deb
        Size/MD5 checksum:    29620 36c0183df84f44516c6e32668a2236b1
    
    mipsel architecture (MIPS (Little Endian))
    
      https://security.debian.org/pool/updates/main/f/file/libmagic-dev_4.12-1sarge1_mipsel.deb
        Size/MD5 checksum:    52534 6d556dcaaf27cdc86a69b1fe11c89b8b
      https://security.debian.org/pool/updates/main/f/file/libmagic1_4.12-1sarge1_mipsel.deb
        Size/MD5 checksum:   234558 aaed5e4d40c36b31f201c93613dd0c20
      https://security.debian.org/pool/updates/main/f/file/file_4.12-1sarge1_mipsel.deb
        Size/MD5 checksum:    29620 c00d1715534ff3b95a6c6156290e4800
    
    powerpc architecture (PowerPC)
    
      https://security.debian.org/pool/updates/main/f/file/libmagic1_4.12-1sarge1_powerpc.deb
        Size/MD5 checksum:   236644 1f7fbf49b8818db458ead63b043d8fea
      https://security.debian.org/pool/updates/main/f/file/file_4.12-1sarge1_powerpc.deb
        Size/MD5 checksum:    30658 7152ead6e4a9e9f37fde881577f02caa
      https://security.debian.org/pool/updates/main/f/file/libmagic-dev_4.12-1sarge1_powerpc.deb
        Size/MD5 checksum:    51396 16ff41ac4bbfcc6565b5145c17aedf80
    
    s390 architecture (IBM S/390)
    
      https://security.debian.org/pool/updates/main/f/file/file_4.12-1sarge1_s390.deb
        Size/MD5 checksum:    29450 66990243c08fcccf849951cea6d4dedb
      https://security.debian.org/pool/updates/main/f/file/libmagic-dev_4.12-1sarge1_s390.deb
        Size/MD5 checksum:    50394 f39ed1ee907ec2e1c498aad4dbddcdef
      https://security.debian.org/pool/updates/main/f/file/libmagic1_4.12-1sarge1_s390.deb
        Size/MD5 checksum:   236116 b5cda283c9db32b89e5441194a335302
    
    sparc architecture (Sun SPARC/UltraSPARC)
    
      https://security.debian.org/pool/updates/main/f/file/file_4.12-1sarge1_sparc.deb
        Size/MD5 checksum:    28856 11efe46dea9c9b490783766edb31d521
      https://security.debian.org/pool/updates/main/f/file/libmagic-dev_4.12-1sarge1_sparc.deb
        Size/MD5 checksum:    48308 ea756379607f0078a1d58a87b1c4ec6b
      https://security.debian.org/pool/updates/main/f/file/libmagic1_4.12-1sarge1_sparc.deb
        Size/MD5 checksum:   234004 32eecd3db459b68c992cd3e87d9f15c1
    
    
      These files will probably be moved into the stable distribution on
      its next update.
    
    - ---------------------------------------------------------------------------------
    For apt-get: deb https://security.debian.org/ stable/updates main
    For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
    Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.
    

    Advisories

    LinuxSecurity Poll

    I agree with Linus Torvalds - Apple's new M1-powered laptops should run on Linux.

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 2 answer(s).
    /main-polls/45-i-agree-with-linus-torvalds-apple-s-new-m1-powered-laptops-should-run-on-linux?task=poll.vote&format=json
    45
    radio
    [{"id":"158","title":"True","votes":"12","type":"x","order":"1","pct":6.82,"resources":[]},{"id":"159","title":"False","votes":"164","type":"x","order":"2","pct":93.18,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350

    You have already voted for this poll.


    VIEW MORE POLLS

    bottom 200

    Please enable / Bitte aktiviere JavaScript!
    Veuillez activer / Por favor activa el Javascript![ ? ]

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.