Debian Security Advisory 1343-1 - Colin Percival discovered an integer overflow in file, a file type classification tool, which may lead to the execution of arbitrary code.
f1a3ff0b940d6633207e0721ff00fe07798f696e7aab5d2f739e4369785f35ba
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- --------------------------------------------------------------------------
Debian Security Advisory DSA 1343-1 security@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
July 31th, 2007 https://www.debian.org/security/faq
- --------------------------------------------------------------------------
Package : file
Vulnerability : integer overflow
Problem-Type : local(remote)
Debian-specific: no
CVE ID : CVE-2007-2799
Colin Percival discovered an integer overflow in file, a file type
classification tool, which may lead to the execution of arbitrary code.
For the oldstable distribution (sarge) this problem has been fixed in
version 4.12-1sarge2.
For the stable distribution (etch) this problem has been fixed in
version 4.17-5etch2.
For the unstable distribution (sid) this problem has been fixed in
version 4.21-1.
We recommend that you upgrade your file package.
Upgrade Instructions
- --------------------
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 3.1 alias sarge
- --------------------------------
Source archives:
https://security.debian.org/pool/updates/main/f/file/file_4.12-1sarge2.dsc
Size/MD5 checksum: 617 11f144b3820b5b4acf812911b5580d4f
https://security.debian.org/pool/updates/main/f/file/file_4.12-1sarge2.diff.gz
Size/MD5 checksum: 18168 e91491e1066ccaf93a5020bfe36bb3a3
https://security.debian.org/pool/updates/main/f/file/file_4.12.orig.tar.gz
Size/MD5 checksum: 414600 09488a9d62bc6627b48a8c93e12d72f8
Alpha architecture:
https://security.debian.org/pool/updates/main/f/file/file_4.12-1sarge2_alpha.deb
Size/MD5 checksum: 30078 98602c556b3753045b761481a6033049
https://security.debian.org/pool/updates/main/f/file/libmagic-dev_4.12-1sarge2_alpha.deb
Size/MD5 checksum: 59708 aeb92b5c420ee7f25615266fc69d1d7e
https://security.debian.org/pool/updates/main/f/file/libmagic1_4.12-1sarge2_alpha.deb
Size/MD5 checksum: 239252 0c56a742036e6953c2c433e753879381
AMD64 architecture:
https://security.debian.org/pool/updates/main/f/file/file_4.12-1sarge2_amd64.deb
Size/MD5 checksum: 29494 e7afdb17afde778a5afc21735b8789c8
https://security.debian.org/pool/updates/main/f/file/libmagic-dev_4.12-1sarge2_amd64.deb
Size/MD5 checksum: 48846 f611745fd75e2fea9aa5df390341c9a6
https://security.debian.org/pool/updates/main/f/file/libmagic1_4.12-1sarge2_amd64.deb
Size/MD5 checksum: 234496 e08e0a171800afccd116551c77d720c4
ARM architecture:
https://security.debian.org/pool/updates/main/f/file/file_4.12-1sarge2_arm.deb
Size/MD5 checksum: 28872 6f64f504fbe22213380ba4278f906539
https://security.debian.org/pool/updates/main/f/file/libmagic-dev_4.12-1sarge2_arm.deb
Size/MD5 checksum: 48168 d831c555b31d7d925a19fbd7557bc9e9
https://security.debian.org/pool/updates/main/f/file/libmagic1_4.12-1sarge2_arm.deb
Size/MD5 checksum: 231624 47d4280fd1adc3905f9e1e5ebfe74fe6
HP Precision architecture:
https://security.debian.org/pool/updates/main/f/file/file_4.12-1sarge2_hppa.deb
Size/MD5 checksum: 29994 0bd0a00c847192bef8ab79a7179d76e3
https://security.debian.org/pool/updates/main/f/file/libmagic-dev_4.12-1sarge2_hppa.deb
Size/MD5 checksum: 52514 6c5b2a00f97ace048b810e218d4126b9
https://security.debian.org/pool/updates/main/f/file/libmagic1_4.12-1sarge2_hppa.deb
Size/MD5 checksum: 238228 22f8474b775ffd310a650eec2e804bdd
Intel IA-32 architecture:
https://security.debian.org/pool/updates/main/f/file/file_4.12-1sarge2_i386.deb
Size/MD5 checksum: 28844 71030e8db8f80b3d68dc82abf4805a60
https://security.debian.org/pool/updates/main/f/file/libmagic-dev_4.12-1sarge2_i386.deb
Size/MD5 checksum: 45718 d5a668c132b5e24be235b45c6ede4ded
https://security.debian.org/pool/updates/main/f/file/libmagic1_4.12-1sarge2_i386.deb
Size/MD5 checksum: 233008 165c5e5be9eeb736f2e333d4372d92dc
Intel IA-64 architecture:
https://security.debian.org/pool/updates/main/f/file/file_4.12-1sarge2_ia64.deb
Size/MD5 checksum: 31028 cd0c4bebce2e8aa5275bf8e842fd7fe8
https://security.debian.org/pool/updates/main/f/file/libmagic-dev_4.12-1sarge2_ia64.deb
Size/MD5 checksum: 61274 19dd582814f32b06ca4ef1c9139c42b7
https://security.debian.org/pool/updates/main/f/file/libmagic1_4.12-1sarge2_ia64.deb
Size/MD5 checksum: 244084 2051e64e6545e7b808494268a00a96a7
Motorola 680x0 architecture:
https://security.debian.org/pool/updates/main/f/file/file_4.12-1sarge2_m68k.deb
Size/MD5 checksum: 28804 b59dcf720d9224d7e7b2617bcb7a49f9
https://security.debian.org/pool/updates/main/f/file/libmagic-dev_4.12-1sarge2_m68k.deb
Size/MD5 checksum: 42664 d58c0b8dda865fc4c0703ca0ab29e895
https://security.debian.org/pool/updates/main/f/file/libmagic1_4.12-1sarge2_m68k.deb
Size/MD5 checksum: 232502 6afbb342a5d7049f44bac7a6fbed4918
Big endian MIPS architecture:
https://security.debian.org/pool/updates/main/f/file/file_4.12-1sarge2_mips.deb
Size/MD5 checksum: 29716 7a4cedefff494502e6dd99fabcdb6988
https://security.debian.org/pool/updates/main/f/file/libmagic-dev_4.12-1sarge2_mips.deb
Size/MD5 checksum: 52560 bfd874db4fc8253413e4e136093e5a2c
https://security.debian.org/pool/updates/main/f/file/libmagic1_4.12-1sarge2_mips.deb
Size/MD5 checksum: 234812 5b5d5869bfb7069f99d96ba8e6acc558
PowerPC architecture:
https://security.debian.org/pool/updates/main/f/file/file_4.12-1sarge2_powerpc.deb
Size/MD5 checksum: 30746 8049ddc8f21c3df6f6379581447d7b51
https://security.debian.org/pool/updates/main/f/file/libmagic-dev_4.12-1sarge2_powerpc.deb
Size/MD5 checksum: 51406 014ddb93abecb57ae7a729ca188471d0
https://security.debian.org/pool/updates/main/f/file/libmagic1_4.12-1sarge2_powerpc.deb
Size/MD5 checksum: 236658 eda285e0f6bcc02c4e5624849dfd8039
IBM S/390 architecture:
https://security.debian.org/pool/updates/main/f/file/file_4.12-1sarge2_s390.deb
Size/MD5 checksum: 29548 ee1a58577a687221cbd5c42cd31272cc
https://security.debian.org/pool/updates/main/f/file/libmagic-dev_4.12-1sarge2_s390.deb
Size/MD5 checksum: 50426 b05941625e49f1c43dec884c38d824da
https://security.debian.org/pool/updates/main/f/file/libmagic1_4.12-1sarge2_s390.deb
Size/MD5 checksum: 236144 aaf87282783a51ac51c2a40f950d4a7f
Sun Sparc architecture:
https://security.debian.org/pool/updates/main/f/file/file_4.12-1sarge2_sparc.deb
Size/MD5 checksum: 28956 4be06f484de78c46ef5de9bcb3a4e301
https://security.debian.org/pool/updates/main/f/file/libmagic-dev_4.12-1sarge2_sparc.deb
Size/MD5 checksum: 48318 55e7eddfe95a8017162d14875a07b3db
https://security.debian.org/pool/updates/main/f/file/libmagic1_4.12-1sarge2_sparc.deb
Size/MD5 checksum: 234036 a4405fef958ed6f1c2622fce1cb8be3c
Debian GNU/Linux 4.0 alias etch
- -------------------------------
Source archives:
https://security.debian.org/pool/updates/main/f/file/file_4.17-5etch2.dsc
Size/MD5 checksum: 693 4cab938fd849548ddf42ec09f8ff69c9
https://security.debian.org/pool/updates/main/f/file/file_4.17-5etch2.diff.gz
Size/MD5 checksum: 24445 927d0b99deacc5fc98cbb7b8f844be70
https://security.debian.org/pool/updates/main/f/file/file_4.17.orig.tar.gz
Size/MD5 checksum: 556270 50919c65e0181423d66bb25d7fe7b0fd
Alpha architecture:
https://security.debian.org/pool/updates/main/f/file/file_4.17-5etch2_alpha.deb
Size/MD5 checksum: 32856 4cb90eab4b631b70be13dfaa00ec0eb6
https://security.debian.org/pool/updates/main/f/file/libmagic-dev_4.17-5etch2_alpha.deb
Size/MD5 checksum: 69290 9c15a570f6fa9af0733df0dc2fd05bfd
https://security.debian.org/pool/updates/main/f/file/libmagic1_4.17-5etch2_alpha.deb
Size/MD5 checksum: 281614 17bde82a07b1f6a1da3b02024f95be2b
https://security.debian.org/pool/updates/main/f/file/python-magic_4.17-5etch2_alpha.deb
Size/MD5 checksum: 23716 37ce80b6a9beee26d38f3f33725e9a95
AMD64 architecture:
https://security.debian.org/pool/updates/main/f/file/file_4.17-5etch2_amd64.deb
Size/MD5 checksum: 32188 155268d013154c95385d39a1500b7b9b
https://security.debian.org/pool/updates/main/f/file/libmagic-dev_4.17-5etch2_amd64.deb
Size/MD5 checksum: 56660 ae239f724037b5b703fb61e27e5ca94d
https://security.debian.org/pool/updates/main/f/file/libmagic1_4.17-5etch2_amd64.deb
Size/MD5 checksum: 276352 356ab79f44e91803b67dd633fae6de3f
https://security.debian.org/pool/updates/main/f/file/python-magic_4.17-5etch2_amd64.deb
Size/MD5 checksum: 23488 b37fbc10b82682fa6f444736a140a9c3
ARM architecture:
https://security.debian.org/pool/updates/main/f/file/file_4.17-5etch2_arm.deb
Size/MD5 checksum: 31840 2b42af63ad6f9f1219e54ad470d62604
https://security.debian.org/pool/updates/main/f/file/libmagic-dev_4.17-5etch2_arm.deb
Size/MD5 checksum: 53618 29bf99c005e83ff94ea0268bf8b6716f
https://security.debian.org/pool/updates/main/f/file/libmagic1_4.17-5etch2_arm.deb
Size/MD5 checksum: 274176 859929edeb15447ff1877b080481e7b3
https://security.debian.org/pool/updates/main/f/file/python-magic_4.17-5etch2_arm.deb
Size/MD5 checksum: 22902 7dbaec4cf069ea59ac979f64f5369d29
HP Precision architecture:
https://security.debian.org/pool/updates/main/f/file/file_4.17-5etch2_hppa.deb
Size/MD5 checksum: 32682 e60d21fb6920f38f85b3c15c99aee1d1
https://security.debian.org/pool/updates/main/f/file/libmagic-dev_4.17-5etch2_hppa.deb
Size/MD5 checksum: 62454 29f63c2578c7d205e51f13fb9c39f3bd
https://security.debian.org/pool/updates/main/f/file/libmagic1_4.17-5etch2_hppa.deb
Size/MD5 checksum: 280802 d1d92057d217739658a6f228cfcc7d42
https://security.debian.org/pool/updates/main/f/file/python-magic_4.17-5etch2_hppa.deb
Size/MD5 checksum: 23964 5ffa51ea263b7f8743c1a34285964760
Intel IA-32 architecture:
https://security.debian.org/pool/updates/main/f/file/file_4.17-5etch2_i386.deb
Size/MD5 checksum: 31738 88d2fa490cbe688797453acd951e3b4b
https://security.debian.org/pool/updates/main/f/file/libmagic-dev_4.17-5etch2_i386.deb
Size/MD5 checksum: 53866 aa29bfdc0fbea41f22cf62f91efe4afe
https://security.debian.org/pool/updates/main/f/file/libmagic1_4.17-5etch2_i386.deb
Size/MD5 checksum: 275108 5deb254486738439e769718af4781719
https://security.debian.org/pool/updates/main/f/file/python-magic_4.17-5etch2_i386.deb
Size/MD5 checksum: 23002 2de00094cbb49dcbc9d2e377ed255f58
Intel IA-64 architecture:
https://security.debian.org/pool/updates/main/f/file/file_4.17-5etch2_ia64.deb
Size/MD5 checksum: 34332 8e621a86debb04f20124ac50d3cb0c80
https://security.debian.org/pool/updates/main/f/file/libmagic-dev_4.17-5etch2_ia64.deb
Size/MD5 checksum: 74466 cf6a99bd620e92b4bf225625a6720430
https://security.debian.org/pool/updates/main/f/file/libmagic1_4.17-5etch2_ia64.deb
Size/MD5 checksum: 291374 50116811a30651cdc388f5801afab546
https://security.debian.org/pool/updates/main/f/file/python-magic_4.17-5etch2_ia64.deb
Size/MD5 checksum: 24670 a097ded99e046b8e08b06aa942620942
Big endian MIPS architecture:
https://security.debian.org/pool/updates/main/f/file/file_4.17-5etch2_mips.deb
Size/MD5 checksum: 32394 5b667489143574a13311cad5ee70ff3a
https://security.debian.org/pool/updates/main/f/file/libmagic-dev_4.17-5etch2_mips.deb
Size/MD5 checksum: 61674 61f7c44b2086d2d69806d36b350f5057
https://security.debian.org/pool/updates/main/f/file/libmagic1_4.17-5etch2_mips.deb
Size/MD5 checksum: 275828 deb70107c2a708cfc6ee58a8577c8e4c
https://security.debian.org/pool/updates/main/f/file/python-magic_4.17-5etch2_mips.deb
Size/MD5 checksum: 23140 c3bdd08de2efeaf383dbb0ddff41f279
Little endian MIPS architecture:
https://security.debian.org/pool/updates/main/f/file/file_4.17-5etch2_mipsel.deb
Size/MD5 checksum: 32400 e01d3ffb9606506c33f013574dcc366c
https://security.debian.org/pool/updates/main/f/file/libmagic-dev_4.17-5etch2_mipsel.deb
Size/MD5 checksum: 61466 5f04ea6d1277a6a71e0955b7e03d4e14
https://security.debian.org/pool/updates/main/f/file/libmagic1_4.17-5etch2_mipsel.deb
Size/MD5 checksum: 275718 74d3840585278bf2b21a41210f4f8db0
https://security.debian.org/pool/updates/main/f/file/python-magic_4.17-5etch2_mipsel.deb
Size/MD5 checksum: 23146 48f01350a641e34ac4c382a07407a647
PowerPC architecture:
https://security.debian.org/pool/updates/main/f/file/file_4.17-5etch2_powerpc.deb
Size/MD5 checksum: 33814 ac510b4aa19e9892cdd742dbc19f5602
https://security.debian.org/pool/updates/main/f/file/libmagic-dev_4.17-5etch2_powerpc.deb
Size/MD5 checksum: 59868 506921ee61d4503a8474ea419e184aeb
https://security.debian.org/pool/updates/main/f/file/libmagic1_4.17-5etch2_powerpc.deb
Size/MD5 checksum: 278400 738a0032c1e91252d85c3b82cc538851
https://security.debian.org/pool/updates/main/f/file/python-magic_4.17-5etch2_powerpc.deb
Size/MD5 checksum: 24694 083253dca4291e7ccd819ed909d37095
IBM S/390 architecture:
https://security.debian.org/pool/updates/main/f/file/file_4.17-5etch2_s390.deb
Size/MD5 checksum: 32356 5cf55ead2de57e48ebe21f02847a5229
https://security.debian.org/pool/updates/main/f/file/libmagic-dev_4.17-5etch2_s390.deb
Size/MD5 checksum: 58470 22a707bf5f9cf5592a41f99666f329dc
https://security.debian.org/pool/updates/main/f/file/libmagic1_4.17-5etch2_s390.deb
Size/MD5 checksum: 278410 dbf6c54275c251f341692f86df0254bd
https://security.debian.org/pool/updates/main/f/file/python-magic_4.17-5etch2_s390.deb
Size/MD5 checksum: 23656 5cd56031a63458788258c2aa3ff177c0
Sun Sparc architecture:
https://security.debian.org/pool/updates/main/f/file/file_4.17-5etch2_sparc.deb
Size/MD5 checksum: 31956 d1cfc83efd7becf9cd470f57f1616509
https://security.debian.org/pool/updates/main/f/file/libmagic-dev_4.17-5etch2_sparc.deb
Size/MD5 checksum: 55780 e12a7fd21c338b7060633b510f25b878
https://security.debian.org/pool/updates/main/f/file/libmagic1_4.17-5etch2_sparc.deb
Size/MD5 checksum: 275390 795654f0eb5f09d1346c97692b90a30b
https://security.debian.org/pool/updates/main/f/file/python-magic_4.17-5etch2_sparc.deb
Size/MD5 checksum: 22956 f2598d3437437aec4905f29d399ac6b2
These files will probably be moved into the stable distribution on
its next update.
- ---------------------------------------------------------------------------------
For apt-get: deb https://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and https://packages.debian.org/<pkg>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFGr6szXm3vHE4uyloRAnY+AJwLtVc3PFe6p6dIv+d3kAJNWV6f4QCcDG5p
DE9zThGACQda5SNcBto7aD8=
=bQRd
-----END PGP SIGNATURE-----