[Technik] [SECURITY] [DSA 1274-1] New file packages fix
arbitrary code execution
Noèl Köthe
noel at debian.org
Fri Apr 6 12:40:28 CEST 2007
Am Montag, den 02.04.2007, 14:10 +0200 schrieb Noah Meyerhans:
> Debian Security Advisory DSA-1274-1 security at debian.org
> http://www.debian.org/security/ Noah Meyerhans
> April 02, 2007
>
> Package : file
> Vulnerability : buffer overflow
> Problem type : local (remote)
> Debian-specific: no
> CVE Id(s) : CVE-2007-1536
> CERT advisory : 606700
> BugTraq ID : 23021
> Debian Bug : 415362 416678
file auf h01, h02, h03, h04, cupa, wasco, cree und yuma akutalisiert.
> For the stable distribution (sarge), this problem has been fixed in
> version 4.12-1sarge1.
changelog:
file (4.12-1sarge1) stable-security; urgency=high
* Applied patch from upstream to src/file.h, src/funcs.c and src/magic.c to
fix integer underflow in file_printf which can lead to to exploitable heap
overflow CVE-2007-1536 (Closes: #415362, #416678).
-- Daniel Baumann <daniel at debian.org> Thu, 29 Mar 2007 20:28:00 +0200
> For the upcoming stable distribution (etch), this problem has been fixed in
> version 4.17-5etch1.
cree/yuma changelog:
file (4.17-5etch1) testing-security; urgency=high
* Applied patch from upstream to src/file.h, src/funcs.c and src/magic.c to
fix integer underflow in file_printf which can lead to to exploitable heap
overflow CVE-2007-1536 (Closes: #415362, #416678).
-- Daniel Baumann <daniel at debian.org> Thu, 29 Mar 2007 20:28:00 +0200
--
Noèl Köthe <noel debian.org>
Debian GNU/Linux, www.debian.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Dies ist ein digital signierter Nachrichtenteil
Url : /archiv/technik/attachments/20070406/439a3387/attachment.pgp
More information about the Technik
mailing list