-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3965-1 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso September 05, 2017 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : file CVE ID : CVE-2017-1000249 Thomas Jarosch discovered a stack-based buffer overflow flaw in file, a file type classification tool, which may result in denial of service if an ELF binary with a specially crafted .notes section is processed. For the stable distribution (stretch), this problem has been fixed in version 1:5.30-1+deb9u1. For the unstable distribution (sid), this problem has been fixed in version 1:5.32-1. We recommend that you upgrade your file packages. Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAlmvBG1fFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0S3tA//S/EZiFJ2DfFBkKYFKthu+AOPjMjZS3Seoo5uNBwcqfC3zcpKc5BnjJSs do0J2eKHYxkmVtW5Ox2AhnRlOBTGky3wiS5wFS3LCaeYgjhFt7L6I0VHY09wF9B4 QnkQ6f4r7PJ8/iwKow0XaOrjoE4ClACckaWTpVfFg2oOOZWODSWEoGxQxDEXdsVP DnyY/9TmdRbIhx8OrKJs0oUVQdt6gFguoENvV8zEsTdcJ4trDlFb8t8RcqRWOuWW 8WZ1jeIqDJ31Sl37tItM/AN8MD1STi4Ic9NaDFjAk80iiFBoMxKyfiwWjuZ/d3DX /acoG3XcHLw6V0zB5LBc8HLCqhKrlAqoQ0rFB07+SRr8XGftnRXRT9CuterJcPzp wqgHzvnVL9XsfwZSEAR0yqQAE7Yj6yhEHy4QlPkM6aedO7IIffOE3NvdOBCd46Jg KUKeJZZ4AYH2FcHAzucE9aqdujwfMu/STiPosveA/Z4Kqc3o7ds9nY5N77yynzdH MHzU01lbJBes3+MkfSn9mbGrU6OiB8qUQL0MuOdbB0qAbzYuhJvtzoJ2Pk6PApIX bxDUhQhP5WW1MJ6adOBk0aV6qGLqBaAwbjbMQva0MNmQC01M3IJtR1Su7GCNadU9 +19j1pIJBURMbaHaegidNwLVZudfl+V+uvK8ERgk6RII7MasSJk= =suKv -----END PGP SIGNATURE-----