Säkerhetsbulletin från Debian

DSA-1274-1 file -- buffertspill

Rapporterat den:

2007-04-02

Berörda paket:

Sårbara:

Referenser i säkerhetsdatabaser:

I Debians felrapporteringssystem: Fel 415362, Fel 416678.
I Bugtraq-databasen (hos SecurityFocus): BugTraq-id 23021.
I Mitres CVE-förteckning: CVE-2007-1536.

Ytterligare information:

Ett heltalsunderspill har upptäckts i funktionen file_printf i file, ett verktyg för att avgöra filtyp baserat på analys av filers innehåll. Felet kunde göra det möjligt för en angripare att exekvera godtycklig kod genom att få den lokala användare att undersöka en specialskriven fil som utlöser buffertunderspillet.

För den stabila utgåvan (Sarge) har detta problem rättats i version 4.12-1sarge1.

För den kommande stabila utgåvan (Etch) har detta problem rättats i version 4.17-5etch1.

För den instabila utgåvan (Sid) har detta problem rättats i 4.20-1.

Vi rekommenderar att ni uppgraderar ert file-paket.

Rättat i:

Debian (testing)

Källkod:: http://security.debian.org/pool/updates/main/f/file/file_4.17-5etch1.dsc; http://security.debian.org/pool/updates/main/f/file/file_4.17-5etch1.diff.gz; http://security.debian.org/pool/updates/main/f/file/file_4.17.orig.tar.gz
Alpha:: http://security.debian.org/pool/updates/main/f/file/file_4.17-5etch1_alpha.deb; http://security.debian.org/pool/updates/main/f/file/libmagic-dev_4.17-5etch1_alpha.deb; http://security.debian.org/pool/updates/main/f/file/libmagic1_4.17-5etch1_alpha.deb; http://security.debian.org/pool/updates/main/f/file/python-magic_4.17-5etch1_alpha.deb
AMD64:: http://security.debian.org/pool/updates/main/f/file/libmagic1_4.17-5etch1_amd64.deb; http://security.debian.org/pool/updates/main/f/file/libmagic-dev_4.17-5etch1_amd64.deb; http://security.debian.org/pool/updates/main/f/file/file_4.17-5etch1_amd64.deb; http://security.debian.org/pool/updates/main/f/file/python-magic_4.17-5etch1_amd64.deb
ARM:: http://security.debian.org/pool/updates/main/f/file/file_4.17-5etch1_arm.deb; http://security.debian.org/pool/updates/main/f/file/libmagic1_4.17-5etch1_arm.deb; http://security.debian.org/pool/updates/main/f/file/libmagic-dev_4.17-5etch1_arm.deb; http://security.debian.org/pool/updates/main/f/file/python-magic_4.17-5etch1_arm.deb
HP Precision:: http://security.debian.org/pool/updates/main/f/file/file_4.17-5etch1_hppa.deb; http://security.debian.org/pool/updates/main/f/file/libmagic1_4.17-5etch1_hppa.deb; http://security.debian.org/pool/updates/main/f/file/libmagic-dev_4.17-5etch1_hppa.deb; http://security.debian.org/pool/updates/main/f/file/python-magic_4.17-5etch1_hppa.deb
Intel IA-32:: http://security.debian.org/pool/updates/main/f/file/libmagic1_4.17-5etch1_i386.deb; http://security.debian.org/pool/updates/main/f/file/file_4.17-5etch1_i386.deb; http://security.debian.org/pool/updates/main/f/file/python-magic_4.17-5etch1_i386.deb; http://security.debian.org/pool/updates/main/f/file/libmagic-dev_4.17-5etch1_i386.deb
Intel IA-64:: http://security.debian.org/pool/updates/main/f/file/file_4.17-5etch1_ia64.deb; http://security.debian.org/pool/updates/main/f/file/python-magic_4.17-5etch1_ia64.deb; http://security.debian.org/pool/updates/main/f/file/libmagic1_4.17-5etch1_ia64.deb; http://security.debian.org/pool/updates/main/f/file/libmagic-dev_4.17-5etch1_ia64.deb
Motorola 680x0:: http://security.debian.org/pool/updates/main/f/file/python-magic_4.17-5etch1_m68k.deb; http://security.debian.org/pool/updates/main/f/file/libmagic-dev_4.17-5etch1_m68k.deb; http://security.debian.org/pool/updates/main/f/file/libmagic1_4.17-5etch1_m68k.deb; http://security.debian.org/pool/updates/main/f/file/file_4.17-5etch1_m68k.deb
Little-endian MIPS:: http://security.debian.org/pool/updates/main/f/file/libmagic1_4.17-5etch1_mipsel.deb; http://security.debian.org/pool/updates/main/f/file/python-magic_4.17-5etch1_mipsel.deb; http://security.debian.org/pool/updates/main/f/file/file_4.17-5etch1_mipsel.deb; http://security.debian.org/pool/updates/main/f/file/libmagic-dev_4.17-5etch1_mipsel.deb
PowerPC:: http://security.debian.org/pool/updates/main/f/file/python-magic_4.17-5etch1_powerpc.deb; http://security.debian.org/pool/updates/main/f/file/libmagic-dev_4.17-5etch1_powerpc.deb; http://security.debian.org/pool/updates/main/f/file/libmagic1_4.17-5etch1_powerpc.deb; http://security.debian.org/pool/updates/main/f/file/file_4.17-5etch1_powerpc.deb
IBM S/390:: http://security.debian.org/pool/updates/main/f/file/file_4.17-5etch1_s390.deb; http://security.debian.org/pool/updates/main/f/file/libmagic-dev_4.17-5etch1_s390.deb; http://security.debian.org/pool/updates/main/f/file/libmagic1_4.17-5etch1_s390.deb; http://security.debian.org/pool/updates/main/f/file/python-magic_4.17-5etch1_s390.deb
Sun Sparc:: http://security.debian.org/pool/updates/main/f/file/libmagic-dev_4.17-5etch1_sparc.deb; http://security.debian.org/pool/updates/main/f/file/file_4.17-5etch1_sparc.deb; http://security.debian.org/pool/updates/main/f/file/libmagic1_4.17-5etch1_sparc.deb; http://security.debian.org/pool/updates/main/f/file/python-magic_4.17-5etch1_sparc.deb

Debian GNU/Linux 3.1 (stable)

Källkod:: http://security.debian.org/pool/updates/main/f/file/file_4.12-1sarge1.diff.gz; http://security.debian.org/pool/updates/main/f/file/file_4.12.orig.tar.gz; http://security.debian.org/pool/updates/main/f/file/file_4.12-1sarge1.dsc
Alpha:: http://security.debian.org/pool/updates/main/f/file/libmagic1_4.12-1sarge1_alpha.deb; http://security.debian.org/pool/updates/main/f/file/libmagic-dev_4.12-1sarge1_alpha.deb; http://security.debian.org/pool/updates/main/f/file/file_4.12-1sarge1_alpha.deb
AMD64:: http://security.debian.org/pool/updates/main/f/file/libmagic-dev_4.12-1sarge1_amd64.deb; http://security.debian.org/pool/updates/main/f/file/libmagic1_4.12-1sarge1_amd64.deb; http://security.debian.org/pool/updates/main/f/file/file_4.12-1sarge1_amd64.deb
ARM:: http://security.debian.org/pool/updates/main/f/file/libmagic-dev_4.12-1sarge1_arm.deb; http://security.debian.org/pool/updates/main/f/file/file_4.12-1sarge1_arm.deb; http://security.debian.org/pool/updates/main/f/file/libmagic1_4.12-1sarge1_arm.deb
HP Precision:: http://security.debian.org/pool/updates/main/f/file/libmagic-dev_4.12-1sarge1_hppa.deb; http://security.debian.org/pool/updates/main/f/file/libmagic1_4.12-1sarge1_hppa.deb; http://security.debian.org/pool/updates/main/f/file/file_4.12-1sarge1_hppa.deb
Intel IA-32:: http://security.debian.org/pool/updates/main/f/file/file_4.12-1sarge1_i386.deb; http://security.debian.org/pool/updates/main/f/file/libmagic-dev_4.12-1sarge1_i386.deb; http://security.debian.org/pool/updates/main/f/file/libmagic1_4.12-1sarge1_i386.deb
Intel IA-64:: http://security.debian.org/pool/updates/main/f/file/libmagic1_4.12-1sarge1_ia64.deb; http://security.debian.org/pool/updates/main/f/file/libmagic-dev_4.12-1sarge1_ia64.deb; http://security.debian.org/pool/updates/main/f/file/file_4.12-1sarge1_ia64.deb
Motorola 680x0:: http://security.debian.org/pool/updates/main/f/file/libmagic1_4.12-1sarge1_m68k.deb; http://security.debian.org/pool/updates/main/f/file/file_4.12-1sarge1_m68k.deb; http://security.debian.org/pool/updates/main/f/file/libmagic-dev_4.12-1sarge1_m68k.deb
Big-endian MIPS:: http://security.debian.org/pool/updates/main/f/file/libmagic1_4.12-1sarge1_mips.deb; http://security.debian.org/pool/updates/main/f/file/libmagic-dev_4.12-1sarge1_mips.deb; http://security.debian.org/pool/updates/main/f/file/file_4.12-1sarge1_mips.deb
Little-endian MIPS:: http://security.debian.org/pool/updates/main/f/file/libmagic-dev_4.12-1sarge1_mipsel.deb; http://security.debian.org/pool/updates/main/f/file/libmagic1_4.12-1sarge1_mipsel.deb; http://security.debian.org/pool/updates/main/f/file/file_4.12-1sarge1_mipsel.deb
PowerPC:: http://security.debian.org/pool/updates/main/f/file/libmagic1_4.12-1sarge1_powerpc.deb; http://security.debian.org/pool/updates/main/f/file/file_4.12-1sarge1_powerpc.deb; http://security.debian.org/pool/updates/main/f/file/libmagic-dev_4.12-1sarge1_powerpc.deb
IBM S/390:: http://security.debian.org/pool/updates/main/f/file/file_4.12-1sarge1_s390.deb; http://security.debian.org/pool/updates/main/f/file/libmagic-dev_4.12-1sarge1_s390.deb; http://security.debian.org/pool/updates/main/f/file/libmagic1_4.12-1sarge1_s390.deb
Sun Sparc:: http://security.debian.org/pool/updates/main/f/file/file_4.12-1sarge1_sparc.deb; http://security.debian.org/pool/updates/main/f/file/libmagic-dev_4.12-1sarge1_sparc.deb; http://security.debian.org/pool/updates/main/f/file/libmagic1_4.12-1sarge1_sparc.deb

MD5-kontrollsummor för dessa filer finns i originalbulletinen.

Denna sida finns även på följande språk:

dansk Deutsch English español français

Så ställer du in standardspråkval för dokument

För att rapportera ett problem med webbplatsen, kontakta debian-www@lists.debian.org (på engelska). För problem och synpunkter om den svenska översättningen, kontakta debian-l10n-swedish@lists.debian.org. För övrig kontaktinformation, se Debians kontaktsida.

Senast uppdaterad: Sön 2008-11-16 10.49.13 UTC
Upphovsrättsskyddat © 2007-2008 SPI; Se licensvillkor
Debian är ett registrerat varumärke hos Software in the Public Interest. Inc.