=========================================================== Ubuntu Security Notice USN-439-2 June 11, 2007 file vulnerability CVE-2007-2799 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 6.10 Ubuntu 7.04 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: libmagic1 4.16-0ubuntu3.2 Ubuntu 6.10: libmagic1 4.17-2ubuntu1.2 Ubuntu 7.04: libmagic1 4.19-1ubuntu2.1 In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: USN-439-1 fixed a vulnerability in file. The original fix did not fully solve the problem. This update provides a more complete solution. Original advisory details: Jean-Sebastien Guay-Leroux discovered that "file" did not correctly check the size of allocated heap memory. If a user were tricked into examining a specially crafted file with the "file" utility, a remote attacker could execute arbitrary code with user privileges. Updated packages for Ubuntu 6.06 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/f/file/file_4.16-0ubuntu3.2.diff.gz Size/MD5: 22022 1437f8e0c13d86cd2e19ae461e493cae http://security.ubuntu.com/ubuntu/pool/main/f/file/file_4.16-0ubuntu3.2.dsc Size/MD5: 677 3e07205c88cb00c729557cdc33d465ce http://security.ubuntu.com/ubuntu/pool/main/f/file/file_4.16.orig.tar.gz Size/MD5: 548877 9bc5a7017ab7bd544f288fd931ec741a Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/universe/f/file/python-magic_4.16-0ubuntu3.2_all.deb Size/MD5: 18298 ab58a1a24786606786f272a04377683b amd64 architecture (Athlon64, Opteron, EM64T Xeon) http://security.ubuntu.com/ubuntu/pool/main/f/file/file_4.16-0ubuntu3.2_amd64.deb Size/MD5: 31360 277d6f2fceb979ab530f241bf77a7930 http://security.ubuntu.com/ubuntu/pool/main/f/file/libmagic-dev_4.16-0ubuntu3.2_amd64.deb Size/MD5: 54970 559949be9e1a15462e2d63c9b12004e0 http://security.ubuntu.com/ubuntu/pool/main/f/file/libmagic1_4.16-0ubuntu3.2_amd64.deb Size/MD5: 265948 5489968ee042ac29d81a49f3433b5874 http://security.ubuntu.com/ubuntu/pool/universe/f/file/python2.4-magic_4.16-0ubuntu3.2_amd64.deb Size/MD5: 22510 2dcabcc5a58a0c3899e73a2906f8aa59 i386 architecture (x86 compatible Intel/AMD) http://security.ubuntu.com/ubuntu/pool/main/f/file/file_4.16-0ubuntu3.2_i386.deb Size/MD5: 30760 a4ee11d0bf464775afe7899f75772394 http://security.ubuntu.com/ubuntu/pool/main/f/file/libmagic-dev_4.16-0ubuntu3.2_i386.deb Size/MD5: 50776 43e26b52eeda330edef1a064a5f58e3a http://security.ubuntu.com/ubuntu/pool/main/f/file/libmagic1_4.16-0ubuntu3.2_i386.deb Size/MD5: 263332 30bd2f4cb95a928996105f2882bc5db3 http://security.ubuntu.com/ubuntu/pool/universe/f/file/python2.4-magic_4.16-0ubuntu3.2_i386.deb Size/MD5: 21930 2582cdbd6f8b2a3721063785a2069ec9 powerpc architecture (Apple Macintosh G3/G4/G5) http://security.ubuntu.com/ubuntu/pool/main/f/file/file_4.16-0ubuntu3.2_powerpc.deb Size/MD5: 32904 16f26bdf0fbbf09abc6872e0e4ae2a75 http://security.ubuntu.com/ubuntu/pool/main/f/file/libmagic-dev_4.16-0ubuntu3.2_powerpc.deb Size/MD5: 57310 44513744327142dc16ee21d865b7d729 http://security.ubuntu.com/ubuntu/pool/main/f/file/libmagic1_4.16-0ubuntu3.2_powerpc.deb Size/MD5: 267510 4c6d7a0b67c06c066210ee52451573b7 http://security.ubuntu.com/ubuntu/pool/universe/f/file/python2.4-magic_4.16-0ubuntu3.2_powerpc.deb Size/MD5: 23812 9f030d6013924f7f74ab8b911ee57bcc sparc architecture (Sun SPARC/UltraSPARC) http://security.ubuntu.com/ubuntu/pool/main/f/file/file_4.16-0ubuntu3.2_sparc.deb Size/MD5: 31142 318d5fafd88b3137cc2a8b3c379c3a54 http://security.ubuntu.com/ubuntu/pool/main/f/file/libmagic-dev_4.16-0ubuntu3.2_sparc.deb Size/MD5: 53654 90694c40e2ea9e6789fbeb80e93dadfd http://security.ubuntu.com/ubuntu/pool/main/f/file/libmagic1_4.16-0ubuntu3.2_sparc.deb Size/MD5: 264720 3ea79e65dddfc5bdc6f9accec21f03e7 http://security.ubuntu.com/ubuntu/pool/universe/f/file/python2.4-magic_4.16-0ubuntu3.2_sparc.deb Size/MD5: 22056 ebfc77bef2cfc196d80795a5cc015122 Updated packages for Ubuntu 6.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/f/file/file_4.17-2ubuntu1.2.diff.gz Size/MD5: 23133 a991951721068161deaacf1937b7ccbb http://security.ubuntu.com/ubuntu/pool/main/f/file/file_4.17-2ubuntu1.2.dsc Size/MD5: 701 b7620b0d903141d4e2b88e5f2637a202 http://security.ubuntu.com/ubuntu/pool/main/f/file/file_4.17.orig.tar.gz Size/MD5: 556270 50919c65e0181423d66bb25d7fe7b0fd amd64 architecture (Athlon64, Opteron, EM64T Xeon) http://security.ubuntu.com/ubuntu/pool/main/f/file/file_4.17-2ubuntu1.2_amd64.deb Size/MD5: 31944 5964c9404909b90810b3c9851a00b83e http://security.ubuntu.com/ubuntu/pool/main/f/file/libmagic-dev_4.17-2ubuntu1.2_amd64.deb Size/MD5: 56534 599af17c00affe04835f6bbc039f7c11 http://security.ubuntu.com/ubuntu/pool/main/f/file/libmagic1_4.17-2ubuntu1.2_amd64.deb Size/MD5: 276512 70689a0d365b8af2e643d96a7cfa6d80 http://security.ubuntu.com/ubuntu/pool/universe/f/file/python-magic_4.17-2ubuntu1.2_amd64.deb Size/MD5: 24224 ab3c210fd8ee43035ea9659493a77f55 i386 architecture (x86 compatible Intel/AMD) http://security.ubuntu.com/ubuntu/pool/main/f/file/file_4.17-2ubuntu1.2_i386.deb Size/MD5: 31388 c512394784e682440e9f604761524c7b http://security.ubuntu.com/ubuntu/pool/main/f/file/libmagic-dev_4.17-2ubuntu1.2_i386.deb Size/MD5: 53748 6c9cb989811b397538e8842cdda87750 http://security.ubuntu.com/ubuntu/pool/main/f/file/libmagic1_4.17-2ubuntu1.2_i386.deb Size/MD5: 275690 d7aad7f5e28ab21756a9ad6da21ed159 http://security.ubuntu.com/ubuntu/pool/universe/f/file/python-magic_4.17-2ubuntu1.2_i386.deb Size/MD5: 24000 6150a8a3a34b453e1029e9198841a469 powerpc architecture (Apple Macintosh G3/G4/G5) http://security.ubuntu.com/ubuntu/pool/main/f/file/file_4.17-2ubuntu1.2_powerpc.deb Size/MD5: 33602 7c3cc6c3f0c776f1fe5ff9eb2a103319 http://security.ubuntu.com/ubuntu/pool/main/f/file/libmagic-dev_4.17-2ubuntu1.2_powerpc.deb Size/MD5: 59920 88b0c8981bea9034420eae82e6ec7913 http://security.ubuntu.com/ubuntu/pool/main/f/file/libmagic1_4.17-2ubuntu1.2_powerpc.deb Size/MD5: 278658 7197459413aa574a9ea0bab971552454 http://security.ubuntu.com/ubuntu/pool/universe/f/file/python-magic_4.17-2ubuntu1.2_powerpc.deb Size/MD5: 26700 d23117ebff13f5835de903ad5e00fd72 sparc architecture (Sun SPARC/UltraSPARC) http://security.ubuntu.com/ubuntu/pool/main/f/file/file_4.17-2ubuntu1.2_sparc.deb Size/MD5: 31680 767ffe45bf0b45b5e932236e5f1c2347 http://security.ubuntu.com/ubuntu/pool/main/f/file/libmagic-dev_4.17-2ubuntu1.2_sparc.deb Size/MD5: 56444 dfe5c5b83807045744b46a09f155c681 http://security.ubuntu.com/ubuntu/pool/main/f/file/libmagic1_4.17-2ubuntu1.2_sparc.deb Size/MD5: 276196 64c91f49524eac2a50597aba6139dc50 http://security.ubuntu.com/ubuntu/pool/universe/f/file/python-magic_4.17-2ubuntu1.2_sparc.deb Size/MD5: 23950 4482eba5cfa30d74f0b7cabccfb3db55 Updated packages for Ubuntu 7.04: Source archives: http://security.ubuntu.com/ubuntu/pool/main/f/file/file_4.19-1ubuntu2.1.diff.gz Size/MD5: 25008 da39922210f52c21a23a7998f84782e2 http://security.ubuntu.com/ubuntu/pool/main/f/file/file_4.19-1ubuntu2.1.dsc Size/MD5: 819 9d351d288321ff05e47ff305b8323374 http://security.ubuntu.com/ubuntu/pool/main/f/file/file_4.19.orig.tar.gz Size/MD5: 546805 a61ef3aa8339d5987148089afde25f60 amd64 architecture (Athlon64, Opteron, EM64T Xeon) http://security.ubuntu.com/ubuntu/pool/main/f/file/file_4.19-1ubuntu2.1_amd64.deb Size/MD5: 33652 0694bc98aeb69f1b98bc95db0c4d5075 http://security.ubuntu.com/ubuntu/pool/main/f/file/libmagic-dev_4.19-1ubuntu2.1_amd64.deb Size/MD5: 60382 2beb39d22d6863371b5319d189e1b56e http://security.ubuntu.com/ubuntu/pool/main/f/file/libmagic1_4.19-1ubuntu2.1_amd64.deb Size/MD5: 312384 7b5300e80c06e8b1ac213074878ad896 http://security.ubuntu.com/ubuntu/pool/main/f/file/python-magic-dbg_4.19-1ubuntu2.1_amd64.deb Size/MD5: 33386 65dadcd9538cc9bfc114d0b95d592d9a http://security.ubuntu.com/ubuntu/pool/main/f/file/python-magic_4.19-1ubuntu2.1_amd64.deb Size/MD5: 26306 eb09f37e7153db073025287df7b94bcf i386 architecture (x86 compatible Intel/AMD) http://security.ubuntu.com/ubuntu/pool/main/f/file/file_4.19-1ubuntu2.1_i386.deb Size/MD5: 33030 79a5c5c182d458202f2e41432890f1c4 http://security.ubuntu.com/ubuntu/pool/main/f/file/libmagic-dev_4.19-1ubuntu2.1_i386.deb Size/MD5: 57544 af6f46e6e1a2dcba9372fd63ee9ff9e7 http://security.ubuntu.com/ubuntu/pool/main/f/file/libmagic1_4.19-1ubuntu2.1_i386.deb Size/MD5: 312640 5a5b60f9524a45323a51362a766ebf4d http://security.ubuntu.com/ubuntu/pool/main/f/file/python-magic-dbg_4.19-1ubuntu2.1_i386.deb Size/MD5: 25284 94c6dc892f401a1096f9d9c8f0573d36 http://security.ubuntu.com/ubuntu/pool/main/f/file/python-magic_4.19-1ubuntu2.1_i386.deb Size/MD5: 25414 d47d896c8517da082951e10f21d85307 powerpc architecture (Apple Macintosh G3/G4/G5) http://security.ubuntu.com/ubuntu/pool/main/f/file/file_4.19-1ubuntu2.1_powerpc.deb Size/MD5: 36134 b76d1cf4288fbf0cdce1f131f97ac7be http://security.ubuntu.com/ubuntu/pool/main/f/file/libmagic-dev_4.19-1ubuntu2.1_powerpc.deb Size/MD5: 64116 8f025260224c06f12315176d443d12b3 http://security.ubuntu.com/ubuntu/pool/main/f/file/libmagic1_4.19-1ubuntu2.1_powerpc.deb Size/MD5: 320524 6208c6786fe4f05000afa73b628bbc4f http://security.ubuntu.com/ubuntu/pool/main/f/file/python-magic-dbg_4.19-1ubuntu2.1_powerpc.deb Size/MD5: 46294 95538a5bdcb9fb4038070baabf5b7175 http://security.ubuntu.com/ubuntu/pool/main/f/file/python-magic_4.19-1ubuntu2.1_powerpc.deb Size/MD5: 29388 0fd25363cad4b691df25012c48f30362 sparc architecture (Sun SPARC/UltraSPARC) http://security.ubuntu.com/ubuntu/pool/main/f/file/file_4.19-1ubuntu2.1_sparc.deb Size/MD5: 33642 01058c20f06e3bf9b82fdc7d58d0b335 http://security.ubuntu.com/ubuntu/pool/main/f/file/libmagic-dev_4.19-1ubuntu2.1_sparc.deb Size/MD5: 60162 7c310afb7fc186caf2fccb04d2a7e580 http://security.ubuntu.com/ubuntu/pool/main/f/file/libmagic1_4.19-1ubuntu2.1_sparc.deb Size/MD5: 315230 bbd18ebd238f90f28c951d467f0939f5 http://security.ubuntu.com/ubuntu/pool/main/f/file/python-magic-dbg_4.19-1ubuntu2.1_sparc.deb Size/MD5: 25938 57b5635c33e3a3275c91a1a6e8e7490d http://security.ubuntu.com/ubuntu/pool/main/f/file/python-magic_4.19-1ubuntu2.1_sparc.deb Size/MD5: 25700 e990e9a211b79d0dd29991e8d044cd0d
Attachment:
signature.asc
Description: Digital signature