Ubuntu Security Notice 2123-1 - It was discovered that file incorrectly handled Composite Document files. An attacker could use this issue to cause file to crash, resulting in a denial of service. This issue only affected Ubuntu 10.04 LTS and Ubuntu 12.04 LTS. Bernd Melchers discovered that file incorrectly handled indirect offset values. An attacker could use this issue to cause file to consume resources or crash, resulting in a denial of service. Various other issues were also addressed.
c15cd48bc8b2799f13c365755252a2482623291ddeebb7c5be3f90af4ec34e10
============================================================================
Ubuntu Security Notice USN-2123-1
February 26, 2014
file vulnerabilities
============================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 13.10
- Ubuntu 12.10
- Ubuntu 12.04 LTS
- Ubuntu 10.04 LTS
Summary:
File could be made to crash if it processed a specially crafted file.
Software Description:
- file: Tool to determine file types
Details:
It was discovered that file incorrectly handled Composite Document files.
An attacker could use this issue to cause file to crash, resulting in a
denial of service. This issue only affected Ubuntu 10.04 LTS and Ubuntu
12.04 LTS. (CVE-2012-1571)
Bernd Melchers discovered that file incorrectly handled indirect offset
values. An attacker could use this issue to cause file to consume resources
or crash, resulting in a denial of service. (CVE-2014-1943)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 13.10:
file 5.11-2ubuntu4.1
libmagic1 5.11-2ubuntu4.1
Ubuntu 12.10:
file 5.11-2ubuntu0.1
libmagic1 5.11-2ubuntu0.1
Ubuntu 12.04 LTS:
file 5.09-2ubuntu0.2
libmagic1 5.09-2ubuntu0.2
Ubuntu 10.04 LTS:
file 5.03-5ubuntu1.1
libmagic1 5.03-5ubuntu1.1
In general, a standard system update will make all the necessary changes.
References:
http://www.ubuntu.com/usn/usn-2123-1
CVE-2012-1571, CVE-2014-1943
Package Information:
https://launchpad.net/ubuntu/+source/file/5.11-2ubuntu4.1
https://launchpad.net/ubuntu/+source/file/5.11-2ubuntu0.1
https://launchpad.net/ubuntu/+source/file/5.09-2ubuntu0.2
https://launchpad.net/ubuntu/+source/file/5.03-5ubuntu1.1