[Technik] [SECURITY] [DSA 1343-2] New file packages fix arbitrary code execution
Noèl Köthe
noel at debian.org
Thu Sep 27 13:07:57 CEST 2007
On Wednesday, 26.09.2007, at 23:15 +0200, Florian Weimer wrote:
> Debian Security Advisory DSA 1343-2 security at debian.org
> http://www.debian.org/security/ Florian Weimer
> September 25th, 2007 http://www.debian.org/security/faq
>
> Package : file
> Vulnerability : integer overflow
> Problem type : local (remote)
> Debian-specific: no
> CVE Id : CVE-2007-2799
file updated on yuma, cree and wasco.
> The Debian 4.0r1 release contains a file package with the same version
> number as the last security update (4.17-5etch2), potentially overriding
> it. This security advisory reissues DSA-1343-1 with a higher version
> number, to ensure that its changes remain in effect. The changes from
> Debian 4.0r1 (which fix a minor denial of service issue, CVE-2007-2026)
> are included as well.
>
> For the stable distribution (etch), this problem has been fixed in
> version 4.17-5etch3.
changelog:

file (4.17-5etch3) stable-security; urgency=high

  * Non-maintainer upload by the security team
  * Merge stable and stable-security branches. 4.17-5etch2 was
    accidentally uploaded twice, with different contents.

 -- Florian Weimer <fw at deneb.enyo.de> Wed, 12 Sep 2007 21:52:57 +0200

--
Noèl Köthe <noel debian.org>
Debian GNU/Linux, www.debian.org