Message-ID: <20070611222016.GC9627@outflux.net>
Date: Mon, 11 Jun 2007 15:20:16 -0700
From: Kees Cook <kees@...ntu.com>
To: ubuntu-security-announce@...ts.ubuntu.com
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: [USN-439-2] file vulnerability

=========================================================== 
Ubuntu Security Notice USN-439-2              June 11, 2007
file vulnerability
CVE-2007-2799
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 6.10
Ubuntu 7.04

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  libmagic1                                4.16-0ubuntu3.2

Ubuntu 6.10:
  libmagic1                                4.17-2ubuntu1.2

Ubuntu 7.04:
  libmagic1                                4.19-1ubuntu2.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

USN-439-1 fixed a vulnerability in file.  The original fix did not
fully solve the problem.  This update provides a more complete solution.

Original advisory details:

 Jean-Sebastien Guay-Leroux discovered that "file" did not correctly
 check the size of allocated heap memory. If a user were tricked into
 examining a specially crafted file with the "file" utility, a remote
 attacker could execute arbitrary code with user privileges.


Updated packages for Ubuntu 6.06 LTS:


Updated packages for Ubuntu 6.10:


Updated packages for Ubuntu 7.04:


