Message-ID: <20070322021501.GM22797@outflux.net>
Date: Wed, 21 Mar 2007 19:15:01 -0700
From: Kees Cook <kees@...ntu.com>
To: ubuntu-security-announce@...ts.ubuntu.com
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: [USN-439-1] file vulnerability
===========================================================
Ubuntu Security Notice USN-439-1 March 21, 2007
file vulnerability
CVE-2007-1536
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 5.10
Ubuntu 6.06 LTS
Ubuntu 6.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 5.10:
  libmagic1 4.12-1ubuntu1.1

Ubuntu 6.06 LTS:
  libmagic1 4.16-0ubuntu3.1

Ubuntu 6.10:
  libmagic1 4.17-2ubuntu1.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

Jean-Sebastien Guay-Leroux discovered that "file" did not correctly
check the size of allocated heap memory. If a user were tricked into
examining a specially crafted file with the "file" utility, a remote
attacker could execute arbitrary code with user privileges.
Updated packages for Ubuntu 5.10:
Updated packages for Ubuntu 6.06 LTS:
Updated packages for Ubuntu 6.10: