Message-ID: <20070611222016.GC9627@outflux.net>
Date: Mon, 11 Jun 2007 15:20:16 -0700
From: Kees Cook <kees@...ntu.com>
To: ubuntu-security-announce@...ts.ubuntu.com
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: [USN-439-2] file vulnerability
===========================================================
Ubuntu Security Notice USN-439-2 June 11, 2007
file vulnerability
CVE-2007-2799
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 6.10
Ubuntu 7.04

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  libmagic1 4.16-0ubuntu3.2

Ubuntu 6.10:
  libmagic1 4.17-2ubuntu1.2

Ubuntu 7.04:
  libmagic1 4.19-1ubuntu2.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

USN-439-1 fixed a vulnerability in file. The original fix did not
fully solve the problem. This update provides a more complete solution.

Original advisory details:

  Jean-Sebastien Guay-Leroux discovered that "file" did not correctly
  check the size of allocated heap memory. If a user were tricked into
  examining a specially crafted file with the "file" utility, a remote
  attacker could execute arbitrary code with user privileges.

Updated packages for Ubuntu 6.06 LTS:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/f/file/file_4.16-0ubuntu3.2.diff.gz
Size/MD5: 22022 1437f8e0c13d86cd2e19ae461e493cae
http://security.ubuntu.com/ubuntu/pool/main/f/file/file_4.16-0ubuntu3.2.dsc
Size/MD5: 677 3e07205c88cb00c729557cdc33d465ce
http://security.ubuntu.com/ubuntu/pool/main/f/file/file_4.16.orig.tar.gz
Size/MD5: 548877 9bc5a7017ab7bd544f288fd931ec741a
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/universe/f/file/python-magic_4.16-0ubuntu3.2_all.deb
Size/MD5: 18298 ab58a1a24786606786f272a04377683b
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/f/file/file_4.16-0ubuntu3.2_amd64.deb
Size/MD5: 31360 277d6f2fceb979ab530f241bf77a7930
http://security.ubuntu.com/ubuntu/pool/main/f/file/libmagic-dev_4.16-0ubuntu3.2_amd64.deb
Size/MD5: 54970 559949be9e1a15462e2d63c9b12004e0
http://security.ubuntu.com/ubuntu/pool/main/f/file/libmagic1_4.16-0ubuntu3.2_amd64.deb
Size/MD5: 265948 5489968ee042ac29d81a49f3433b5874
http://security.ubuntu.com/ubuntu/pool/universe/f/file/python2.4-magic_4.16-0ubuntu3.2_amd64.deb
Size/MD5: 22510 2dcabcc5a58a0c3899e73a2906f8aa59
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/f/file/file_4.16-0ubuntu3.2_i386.deb
Size/MD5: 30760 a4ee11d0bf464775afe7899f75772394
http://security.ubuntu.com/ubuntu/pool/main/f/file/libmagic-dev_4.16-0ubuntu3.2_i386.deb
Size/MD5: 50776 43e26b52eeda330edef1a064a5f58e3a
http://security.ubuntu.com/ubuntu/pool/main/f/file/libmagic1_4.16-0ubuntu3.2_i386.deb
Size/MD5: 263332 30bd2f4cb95a928996105f2882bc5db3
http://security.ubuntu.com/ubuntu/pool/universe/f/file/python2.4-magic_4.16-0ubuntu3.2_i386.deb
Size/MD5: 21930 2582cdbd6f8b2a3721063785a2069ec9
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/f/file/file_4.16-0ubuntu3.2_powerpc.deb
Size/MD5: 32904 16f26bdf0fbbf09abc6872e0e4ae2a75
http://security.ubuntu.com/ubuntu/pool/main/f/file/libmagic-dev_4.16-0ubuntu3.2_powerpc.deb
Size/MD5: 57310 44513744327142dc16ee21d865b7d729
http://security.ubuntu.com/ubuntu/pool/main/f/file/libmagic1_4.16-0ubuntu3.2_powerpc.deb
Size/MD5: 267510 4c6d7a0b67c06c066210ee52451573b7
http://security.ubuntu.com/ubuntu/pool/universe/f/file/python2.4-magic_4.16-0ubuntu3.2_powerpc.deb
Size/MD5: 23812 9f030d6013924f7f74ab8b911ee57bcc
sparc architecture (Sun SPARC/UltraSPARC)
http://security.ubuntu.com/ubuntu/pool/main/f/file/file_4.16-0ubuntu3.2_sparc.deb
Size/MD5: 31142 318d5fafd88b3137cc2a8b3c379c3a54
http://security.ubuntu.com/ubuntu/pool/main/f/file/libmagic-dev_4.16-0ubuntu3.2_sparc.deb
Size/MD5: 53654 90694c40e2ea9e6789fbeb80e93dadfd
http://security.ubuntu.com/ubuntu/pool/main/f/file/libmagic1_4.16-0ubuntu3.2_sparc.deb
Size/MD5: 264720 3ea79e65dddfc5bdc6f9accec21f03e7
http://security.ubuntu.com/ubuntu/pool/universe/f/file/python2.4-magic_4.16-0ubuntu3.2_sparc.deb
Size/MD5: 22056 ebfc77bef2cfc196d80795a5cc015122
Updated packages for Ubuntu 6.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/f/file/file_4.17-2ubuntu1.2.diff.gz
Size/MD5: 23133 a991951721068161deaacf1937b7ccbb
http://security.ubuntu.com/ubuntu/pool/main/f/file/file_4.17-2ubuntu1.2.dsc
Size/MD5: 701 b7620b0d903141d4e2b88e5f2637a202
http://security.ubuntu.com/ubuntu/pool/main/f/file/file_4.17.orig.tar.gz
Size/MD5: 556270 50919c65e0181423d66bb25d7fe7b0fd
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/f/file/file_4.17-2ubuntu1.2_amd64.deb
Size/MD5: 31944 5964c9404909b90810b3c9851a00b83e
http://security.ubuntu.com/ubuntu/pool/main/f/file/libmagic-dev_4.17-2ubuntu1.2_amd64.deb
Size/MD5: 56534 599af17c00affe04835f6bbc039f7c11
http://security.ubuntu.com/ubuntu/pool/main/f/file/libmagic1_4.17-2ubuntu1.2_amd64.deb
Size/MD5: 276512 70689a0d365b8af2e643d96a7cfa6d80
http://security.ubuntu.com/ubuntu/pool/universe/f/file/python-magic_4.17-2ubuntu1.2_amd64.deb
Size/MD5: 24224 ab3c210fd8ee43035ea9659493a77f55
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/f/file/file_4.17-2ubuntu1.2_i386.deb
Size/MD5: 31388 c512394784e682440e9f604761524c7b
http://security.ubuntu.com/ubuntu/pool/main/f/file/libmagic-dev_4.17-2ubuntu1.2_i386.deb
Size/MD5: 53748 6c9cb989811b397538e8842cdda87750
http://security.ubuntu.com/ubuntu/pool/main/f/file/libmagic1_4.17-2ubuntu1.2_i386.deb
Size/MD5: 275690 d7aad7f5e28ab21756a9ad6da21ed159
http://security.ubuntu.com/ubuntu/pool/universe/f/file/python-magic_4.17-2ubuntu1.2_i386.deb
Size/MD5: 24000 6150a8a3a34b453e1029e9198841a469
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/f/file/file_4.17-2ubuntu1.2_powerpc.deb
Size/MD5: 33602 7c3cc6c3f0c776f1fe5ff9eb2a103319
http://security.ubuntu.com/ubuntu/pool/main/f/file/libmagic-dev_4.17-2ubuntu1.2_powerpc.deb
Size/MD5: 59920 88b0c8981bea9034420eae82e6ec7913
http://security.ubuntu.com/ubuntu/pool/main/f/file/libmagic1_4.17-2ubuntu1.2_powerpc.deb
Size/MD5: 278658 7197459413aa574a9ea0bab971552454
http://security.ubuntu.com/ubuntu/pool/universe/f/file/python-magic_4.17-2ubuntu1.2_powerpc.deb
Size/MD5: 26700 d23117ebff13f5835de903ad5e00fd72
sparc architecture (Sun SPARC/UltraSPARC)
http://security.ubuntu.com/ubuntu/pool/main/f/file/file_4.17-2ubuntu1.2_sparc.deb
Size/MD5: 31680 767ffe45bf0b45b5e932236e5f1c2347
http://security.ubuntu.com/ubuntu/pool/main/f/file/libmagic-dev_4.17-2ubuntu1.2_sparc.deb
Size/MD5: 56444 dfe5c5b83807045744b46a09f155c681
http://security.ubuntu.com/ubuntu/pool/main/f/file/libmagic1_4.17-2ubuntu1.2_sparc.deb
Size/MD5: 276196 64c91f49524eac2a50597aba6139dc50
http://security.ubuntu.com/ubuntu/pool/universe/f/file/python-magic_4.17-2ubuntu1.2_sparc.deb
Size/MD5: 23950 4482eba5cfa30d74f0b7cabccfb3db55
Updated packages for Ubuntu 7.04:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/f/file/file_4.19-1ubuntu2.1.diff.gz
Size/MD5: 25008 da39922210f52c21a23a7998f84782e2
http://security.ubuntu.com/ubuntu/pool/main/f/file/file_4.19-1ubuntu2.1.dsc
Size/MD5: 819 9d351d288321ff05e47ff305b8323374
http://security.ubuntu.com/ubuntu/pool/main/f/file/file_4.19.orig.tar.gz
Size/MD5: 546805 a61ef3aa8339d5987148089afde25f60
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/f/file/file_4.19-1ubuntu2.1_amd64.deb
Size/MD5: 33652 0694bc98aeb69f1b98bc95db0c4d5075
http://security.ubuntu.com/ubuntu/pool/main/f/file/libmagic-dev_4.19-1ubuntu2.1_amd64.deb
Size/MD5: 60382 2beb39d22d6863371b5319d189e1b56e
http://security.ubuntu.com/ubuntu/pool/main/f/file/libmagic1_4.19-1ubuntu2.1_amd64.deb
Size/MD5: 312384 7b5300e80c06e8b1ac213074878ad896
http://security.ubuntu.com/ubuntu/pool/main/f/file/python-magic-dbg_4.19-1ubuntu2.1_amd64.deb
Size/MD5: 33386 65dadcd9538cc9bfc114d0b95d592d9a
http://security.ubuntu.com/ubuntu/pool/main/f/file/python-magic_4.19-1ubuntu2.1_amd64.deb
Size/MD5: 26306 eb09f37e7153db073025287df7b94bcf
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/f/file/file_4.19-1ubuntu2.1_i386.deb
Size/MD5: 33030 79a5c5c182d458202f2e41432890f1c4
http://security.ubuntu.com/ubuntu/pool/main/f/file/libmagic-dev_4.19-1ubuntu2.1_i386.deb
Size/MD5: 57544 af6f46e6e1a2dcba9372fd63ee9ff9e7
http://security.ubuntu.com/ubuntu/pool/main/f/file/libmagic1_4.19-1ubuntu2.1_i386.deb
Size/MD5: 312640 5a5b60f9524a45323a51362a766ebf4d
http://security.ubuntu.com/ubuntu/pool/main/f/file/python-magic-dbg_4.19-1ubuntu2.1_i386.deb
Size/MD5: 25284 94c6dc892f401a1096f9d9c8f0573d36
http://security.ubuntu.com/ubuntu/pool/main/f/file/python-magic_4.19-1ubuntu2.1_i386.deb
Size/MD5: 25414 d47d896c8517da082951e10f21d85307
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/f/file/file_4.19-1ubuntu2.1_powerpc.deb
Size/MD5: 36134 b76d1cf4288fbf0cdce1f131f97ac7be
http://security.ubuntu.com/ubuntu/pool/main/f/file/libmagic-dev_4.19-1ubuntu2.1_powerpc.deb
Size/MD5: 64116 8f025260224c06f12315176d443d12b3
http://security.ubuntu.com/ubuntu/pool/main/f/file/libmagic1_4.19-1ubuntu2.1_powerpc.deb
Size/MD5: 320524 6208c6786fe4f05000afa73b628bbc4f
http://security.ubuntu.com/ubuntu/pool/main/f/file/python-magic-dbg_4.19-1ubuntu2.1_powerpc.deb
Size/MD5: 46294 95538a5bdcb9fb4038070baabf5b7175
http://security.ubuntu.com/ubuntu/pool/main/f/file/python-magic_4.19-1ubuntu2.1_powerpc.deb
Size/MD5: 29388 0fd25363cad4b691df25012c48f30362
sparc architecture (Sun SPARC/UltraSPARC)
http://security.ubuntu.com/ubuntu/pool/main/f/file/file_4.19-1ubuntu2.1_sparc.deb
Size/MD5: 33642 01058c20f06e3bf9b82fdc7d58d0b335
http://security.ubuntu.com/ubuntu/pool/main/f/file/libmagic-dev_4.19-1ubuntu2.1_sparc.deb
Size/MD5: 60162 7c310afb7fc186caf2fccb04d2a7e580
http://security.ubuntu.com/ubuntu/pool/main/f/file/libmagic1_4.19-1ubuntu2.1_sparc.deb
Size/MD5: 315230 bbd18ebd238f90f28c951d467f0939f5
http://security.ubuntu.com/ubuntu/pool/main/f/file/python-magic-dbg_4.19-1ubuntu2.1_sparc.deb
Size/MD5: 25938 57b5635c33e3a3275c91a1a6e8e7490d
http://security.ubuntu.com/ubuntu/pool/main/f/file/python-magic_4.19-1ubuntu2.1_sparc.deb
Size/MD5: 25700 e990e9a211b79d0dd29991e8d044cd0d
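
Added example (not part of the original notice): a check of recorded libmagic1 versions against the fixed versions listed at the top of this notice, using a small re-implementation of Debian's version ordering so it runs without dpkg. The host names and installed versions in the sample inventory are constructed.

```python
import re

# Fixed libmagic1 versions, copied from the notice above.
FIXED = {
    "6.06": "4.16-0ubuntu3.2",
    "6.10": "4.17-2ubuntu1.2",
    "7.04": "4.19-1ubuntu2.1",
}

def _char_order(c):
    # Ordering inside a non-digit run: '~' sorts before everything
    # (even end of string), letters sort before other characters.
    if c == "~":
        return -1
    return ord(c) if c.isalpha() else ord(c) + 256

def _part_key(part):
    # Split into alternating (non-digit, digit) runs; the trailing 0 marks
    # the end of each non-digit run so that a shorter run sorts first.
    return [([_char_order(c) for c in text] + [0], int(num or 0))
            for text, num in re.findall(r"(\D*)(\d*)", part)]

def version_key(version):
    """Sort key following Debian's [epoch:]upstream[-revision] ordering."""
    epoch, sep, rest = version.partition(":")
    if not sep:
        epoch, rest = "0", version
    upstream, sep, revision = rest.rpartition("-")
    if not sep:
        upstream, revision = rest, "0"  # a missing revision equals "0"
    return (int(epoch), _part_key(upstream), _part_key(revision))

def is_fixed(release, installed):
    """True if the installed libmagic1 version is at or above the fixed one."""
    return version_key(installed) >= version_key(FIXED[release])

if __name__ == "__main__":
    # Constructed sample inventory: (host, Ubuntu release, libmagic1 version)
    inventory = [
        ("web01", "6.06", "4.16-0ubuntu3"),
        ("web02", "6.10", "4.17-2ubuntu1.2"),
        ("dev03", "7.04", "4.19-1ubuntu2.1~test1"),
    ]
    for host, release, installed in inventory:
        state = "ok" if is_fixed(release, installed) else "NEEDS UPGRADE"
        print(f"{host}: libmagic1 {installed} on {release}: {state}")
```

On a live system, `dpkg --compare-versions` gives the authoritative comparison; the code above is for offline inventories.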