Message-ID: <20070322021501.GM22797@outflux.net>
Date: Wed, 21 Mar 2007 19:15:01 -0700
From: Kees Cook <kees@...ntu.com>
To: ubuntu-security-announce@...ts.ubuntu.com
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: [USN-439-1] file vulnerability

=========================================================== 
Ubuntu Security Notice USN-439-1             March 21, 2007
file vulnerability
CVE-2007-1536
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 5.10
Ubuntu 6.06 LTS
Ubuntu 6.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 5.10:
  libmagic1                                4.12-1ubuntu1.1

Ubuntu 6.06 LTS:
  libmagic1                                4.16-0ubuntu3.1

Ubuntu 6.10:
  libmagic1                                4.17-2ubuntu1.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

Jean-Sebastien Guay-Leroux discovered that "file" did not correctly 
check the size of allocated heap memory.  If a user were tricked into 
examining a specially crafted file with the "file" utility, a remote 
attacker could execute arbitrary code with user privileges.


Updated packages for Ubuntu 5.10:

Updated packages for Ubuntu 6.06 LTS:

Updated packages for Ubuntu 6.10:

