Debians sikkerhedsbulletin

DSA-1274-1 file -- bufferoverløb

Rapporteret den:

2. apr 2007

Berørte pakker:

Sårbar:

Referencer i sikkerhedsdatabaser:

I Debians fejlsporingssystem: Fejl 415362, Fejl 416678.
I Bugtraq-databasen (hos SecurityFocus): BugTraq-id 23021.
I Mitres CVE-ordbog: CVE-2007-1536.

Yderligere oplysninger:

En heltalsunderløbsfejl er fundet i funktionen file_printf i file, et værktøj til afgørelse af filtyper på baggrund af analyser af filernes indhold. Fejlen kunne udnyttes af en angriber til at udføre vilkårlig kode, ved at få en lokal bruger til at undersøge en særligt fremstillet fil, der udløser bufferoverløbet.

I den stabile distribution (sarge), er dette problem rettet i version 4.12-1sarge1.

I den kommende stabile distribution (etch), er dette problem rettet i version 4.17-5etch1.

I den ustabile distribution (sid), er dette problem rettet i 4.20-1.

Vi anbefaler at du opgraderer din file-pakke.

Rettet i:

Debian (testing)

Kildekode:: http://security.debian.org/pool/updates/main/f/file/file_4.17-5etch1.dsc; http://security.debian.org/pool/updates/main/f/file/file_4.17-5etch1.diff.gz; http://security.debian.org/pool/updates/main/f/file/file_4.17.orig.tar.gz
Alpha:: http://security.debian.org/pool/updates/main/f/file/file_4.17-5etch1_alpha.deb; http://security.debian.org/pool/updates/main/f/file/libmagic-dev_4.17-5etch1_alpha.deb; http://security.debian.org/pool/updates/main/f/file/libmagic1_4.17-5etch1_alpha.deb; http://security.debian.org/pool/updates/main/f/file/python-magic_4.17-5etch1_alpha.deb
AMD64:: http://security.debian.org/pool/updates/main/f/file/libmagic1_4.17-5etch1_amd64.deb; http://security.debian.org/pool/updates/main/f/file/libmagic-dev_4.17-5etch1_amd64.deb; http://security.debian.org/pool/updates/main/f/file/file_4.17-5etch1_amd64.deb; http://security.debian.org/pool/updates/main/f/file/python-magic_4.17-5etch1_amd64.deb
ARM:: http://security.debian.org/pool/updates/main/f/file/file_4.17-5etch1_arm.deb; http://security.debian.org/pool/updates/main/f/file/libmagic1_4.17-5etch1_arm.deb; http://security.debian.org/pool/updates/main/f/file/libmagic-dev_4.17-5etch1_arm.deb; http://security.debian.org/pool/updates/main/f/file/python-magic_4.17-5etch1_arm.deb
HP Precision:: http://security.debian.org/pool/updates/main/f/file/file_4.17-5etch1_hppa.deb; http://security.debian.org/pool/updates/main/f/file/libmagic1_4.17-5etch1_hppa.deb; http://security.debian.org/pool/updates/main/f/file/libmagic-dev_4.17-5etch1_hppa.deb; http://security.debian.org/pool/updates/main/f/file/python-magic_4.17-5etch1_hppa.deb
Intel IA-32:: http://security.debian.org/pool/updates/main/f/file/libmagic1_4.17-5etch1_i386.deb; http://security.debian.org/pool/updates/main/f/file/file_4.17-5etch1_i386.deb; http://security.debian.org/pool/updates/main/f/file/python-magic_4.17-5etch1_i386.deb; http://security.debian.org/pool/updates/main/f/file/libmagic-dev_4.17-5etch1_i386.deb
Intel IA-64:: http://security.debian.org/pool/updates/main/f/file/file_4.17-5etch1_ia64.deb; http://security.debian.org/pool/updates/main/f/file/python-magic_4.17-5etch1_ia64.deb; http://security.debian.org/pool/updates/main/f/file/libmagic1_4.17-5etch1_ia64.deb; http://security.debian.org/pool/updates/main/f/file/libmagic-dev_4.17-5etch1_ia64.deb
Motorola 680x0:: http://security.debian.org/pool/updates/main/f/file/python-magic_4.17-5etch1_m68k.deb; http://security.debian.org/pool/updates/main/f/file/libmagic-dev_4.17-5etch1_m68k.deb; http://security.debian.org/pool/updates/main/f/file/libmagic1_4.17-5etch1_m68k.deb; http://security.debian.org/pool/updates/main/f/file/file_4.17-5etch1_m68k.deb
Little-endian MIPS:: http://security.debian.org/pool/updates/main/f/file/libmagic1_4.17-5etch1_mipsel.deb; http://security.debian.org/pool/updates/main/f/file/python-magic_4.17-5etch1_mipsel.deb; http://security.debian.org/pool/updates/main/f/file/file_4.17-5etch1_mipsel.deb; http://security.debian.org/pool/updates/main/f/file/libmagic-dev_4.17-5etch1_mipsel.deb
PowerPC:: http://security.debian.org/pool/updates/main/f/file/python-magic_4.17-5etch1_powerpc.deb; http://security.debian.org/pool/updates/main/f/file/libmagic-dev_4.17-5etch1_powerpc.deb; http://security.debian.org/pool/updates/main/f/file/libmagic1_4.17-5etch1_powerpc.deb; http://security.debian.org/pool/updates/main/f/file/file_4.17-5etch1_powerpc.deb
IBM S/390:: http://security.debian.org/pool/updates/main/f/file/file_4.17-5etch1_s390.deb; http://security.debian.org/pool/updates/main/f/file/libmagic-dev_4.17-5etch1_s390.deb; http://security.debian.org/pool/updates/main/f/file/libmagic1_4.17-5etch1_s390.deb; http://security.debian.org/pool/updates/main/f/file/python-magic_4.17-5etch1_s390.deb
Sun Sparc:: http://security.debian.org/pool/updates/main/f/file/libmagic-dev_4.17-5etch1_sparc.deb; http://security.debian.org/pool/updates/main/f/file/file_4.17-5etch1_sparc.deb; http://security.debian.org/pool/updates/main/f/file/libmagic1_4.17-5etch1_sparc.deb; http://security.debian.org/pool/updates/main/f/file/python-magic_4.17-5etch1_sparc.deb

Debian GNU/Linux 3.1 (stable)

Kildekode:: http://security.debian.org/pool/updates/main/f/file/file_4.12-1sarge1.diff.gz; http://security.debian.org/pool/updates/main/f/file/file_4.12.orig.tar.gz; http://security.debian.org/pool/updates/main/f/file/file_4.12-1sarge1.dsc
Alpha:: http://security.debian.org/pool/updates/main/f/file/libmagic1_4.12-1sarge1_alpha.deb; http://security.debian.org/pool/updates/main/f/file/libmagic-dev_4.12-1sarge1_alpha.deb; http://security.debian.org/pool/updates/main/f/file/file_4.12-1sarge1_alpha.deb
AMD64:: http://security.debian.org/pool/updates/main/f/file/libmagic-dev_4.12-1sarge1_amd64.deb; http://security.debian.org/pool/updates/main/f/file/libmagic1_4.12-1sarge1_amd64.deb; http://security.debian.org/pool/updates/main/f/file/file_4.12-1sarge1_amd64.deb
ARM:: http://security.debian.org/pool/updates/main/f/file/libmagic-dev_4.12-1sarge1_arm.deb; http://security.debian.org/pool/updates/main/f/file/file_4.12-1sarge1_arm.deb; http://security.debian.org/pool/updates/main/f/file/libmagic1_4.12-1sarge1_arm.deb
HP Precision:: http://security.debian.org/pool/updates/main/f/file/libmagic-dev_4.12-1sarge1_hppa.deb; http://security.debian.org/pool/updates/main/f/file/libmagic1_4.12-1sarge1_hppa.deb; http://security.debian.org/pool/updates/main/f/file/file_4.12-1sarge1_hppa.deb
Intel IA-32:: http://security.debian.org/pool/updates/main/f/file/file_4.12-1sarge1_i386.deb; http://security.debian.org/pool/updates/main/f/file/libmagic-dev_4.12-1sarge1_i386.deb; http://security.debian.org/pool/updates/main/f/file/libmagic1_4.12-1sarge1_i386.deb
Intel IA-64:: http://security.debian.org/pool/updates/main/f/file/libmagic1_4.12-1sarge1_ia64.deb; http://security.debian.org/pool/updates/main/f/file/libmagic-dev_4.12-1sarge1_ia64.deb; http://security.debian.org/pool/updates/main/f/file/file_4.12-1sarge1_ia64.deb
Motorola 680x0:: http://security.debian.org/pool/updates/main/f/file/libmagic1_4.12-1sarge1_m68k.deb; http://security.debian.org/pool/updates/main/f/file/file_4.12-1sarge1_m68k.deb; http://security.debian.org/pool/updates/main/f/file/libmagic-dev_4.12-1sarge1_m68k.deb
Big-endian MIPS:: http://security.debian.org/pool/updates/main/f/file/libmagic1_4.12-1sarge1_mips.deb; http://security.debian.org/pool/updates/main/f/file/libmagic-dev_4.12-1sarge1_mips.deb; http://security.debian.org/pool/updates/main/f/file/file_4.12-1sarge1_mips.deb
Little-endian MIPS:: http://security.debian.org/pool/updates/main/f/file/libmagic-dev_4.12-1sarge1_mipsel.deb; http://security.debian.org/pool/updates/main/f/file/libmagic1_4.12-1sarge1_mipsel.deb; http://security.debian.org/pool/updates/main/f/file/file_4.12-1sarge1_mipsel.deb
PowerPC:: http://security.debian.org/pool/updates/main/f/file/libmagic1_4.12-1sarge1_powerpc.deb; http://security.debian.org/pool/updates/main/f/file/file_4.12-1sarge1_powerpc.deb; http://security.debian.org/pool/updates/main/f/file/libmagic-dev_4.12-1sarge1_powerpc.deb
IBM S/390:: http://security.debian.org/pool/updates/main/f/file/file_4.12-1sarge1_s390.deb; http://security.debian.org/pool/updates/main/f/file/libmagic-dev_4.12-1sarge1_s390.deb; http://security.debian.org/pool/updates/main/f/file/libmagic1_4.12-1sarge1_s390.deb
Sun Sparc:: http://security.debian.org/pool/updates/main/f/file/file_4.12-1sarge1_sparc.deb; http://security.debian.org/pool/updates/main/f/file/libmagic-dev_4.12-1sarge1_sparc.deb; http://security.debian.org/pool/updates/main/f/file/libmagic1_4.12-1sarge1_sparc.deb

MD5-kontrolsummer for de listede filer findes i den originale sikkerhedsbulletin.

Denne side findes også på følgende sprog:

Deutsch English español français svenska

Sådan opsætter du standardsprogvalg for dokumenter

For at rapportere et problem med webstedet sendes en e-mail på engelsk til debian-www@lists.debian.org. Se Debians kontaktside for andre kontaktoplysninger.

Senest opdateret: Søn 16. nov 2008 kl. 08.17.56 UTC
Ophavsretsbeskyttet © 2007-2008 SPI; Se licensbetingelserne
Debian er et registreret varemærke tilhørende Software in the Public Interest, Inc.