=========================================================== Ubuntu Security Notice USN-439-1 March 21, 2007 file vulnerability CVE-2007-1536 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 5.10 Ubuntu 6.06 LTS Ubuntu 6.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 5.10: libmagic1 4.12-1ubuntu1.1 Ubuntu 6.06 LTS: libmagic1 4.16-0ubuntu3.1 Ubuntu 6.10: libmagic1 4.17-2ubuntu1.1 In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: Jean-Sebastien Guay-Leroux discovered that "file" did not correctly check the size of allocated heap memory. If a user were tricked into examining a specially crafted file with the "file" utility, a remote attacker could execute arbitrary code with user privileges. Updated packages for Ubuntu 5.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/f/file/file_4.12-1ubuntu1.1.diff.gz Size/MD5: 18552 c85d5a00ee29c9170afee55293ca37ca http://security.ubuntu.com/ubuntu/pool/main/f/file/file_4.12-1ubuntu1.1.dsc Size/MD5: 623 72160fcadb7d01c484a0a79b7bdf825c http://security.ubuntu.com/ubuntu/pool/main/f/file/file_4.12.orig.tar.gz Size/MD5: 414600 09488a9d62bc6627b48a8c93e12d72f8 amd64 architecture (Athlon64, Opteron, EM64T Xeon) http://security.ubuntu.com/ubuntu/pool/main/f/file/file_4.12-1ubuntu1.1_amd64.deb Size/MD5: 29366 75d04066ad3afc6bdb1b488cff5dedab http://security.ubuntu.com/ubuntu/pool/main/f/file/libmagic-dev_4.12-1ubuntu1.1_amd64.deb Size/MD5: 49450 0e4a0b381502e2115ed61cc324eed0fb http://security.ubuntu.com/ubuntu/pool/main/f/file/libmagic1_4.12-1ubuntu1.1_amd64.deb Size/MD5: 235262 d7f8dce54762b639b773b8fcc3fc45bc i386 architecture (x86 compatible Intel/AMD) http://security.ubuntu.com/ubuntu/pool/main/f/file/file_4.12-1ubuntu1.1_i386.deb Size/MD5: 28800 401e42b243afd3bd059c2497649b679b http://security.ubuntu.com/ubuntu/pool/main/f/file/libmagic-dev_4.12-1ubuntu1.1_i386.deb Size/MD5: 45152 aeb15ed214acc55c84043099ab477b3e http://security.ubuntu.com/ubuntu/pool/main/f/file/libmagic1_4.12-1ubuntu1.1_i386.deb Size/MD5: 232758 7500a44085c9bee34dd068fb87d61103 powerpc architecture (Apple Macintosh G3/G4/G5) http://security.ubuntu.com/ubuntu/pool/main/f/file/file_4.12-1ubuntu1.1_powerpc.deb Size/MD5: 30836 c787d5a4eeafe567cedc8667156a6ce2 http://security.ubuntu.com/ubuntu/pool/main/f/file/libmagic-dev_4.12-1ubuntu1.1_powerpc.deb Size/MD5: 51694 3ef959cd768a6720bdb17c4cce39edd2 http://security.ubuntu.com/ubuntu/pool/main/f/file/libmagic1_4.12-1ubuntu1.1_powerpc.deb Size/MD5: 236856 15cbd2b74eac5a410bc371c9a0ed83a7 sparc architecture (Sun SPARC/UltraSPARC) http://security.ubuntu.com/ubuntu/pool/main/f/file/file_4.12-1ubuntu1.1_sparc.deb Size/MD5: 29238 50999a9a8aeec88aba86a81683755350 http://security.ubuntu.com/ubuntu/pool/main/f/file/libmagic-dev_4.12-1ubuntu1.1_sparc.deb Size/MD5: 48312 44141db3e78534d780ef4026d0258082 http://security.ubuntu.com/ubuntu/pool/main/f/file/libmagic1_4.12-1ubuntu1.1_sparc.deb Size/MD5: 234212 48c7d3456a65d99c493a360556fffef6 Updated packages for Ubuntu 6.06 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/f/file/file_4.16-0ubuntu3.1.diff.gz Size/MD5: 21828 d230945e9b35d6655c32c96611fc0a4b http://security.ubuntu.com/ubuntu/pool/main/f/file/file_4.16-0ubuntu3.1.dsc Size/MD5: 677 bcf6495e121e4a238f2b657b310a5021 http://security.ubuntu.com/ubuntu/pool/main/f/file/file_4.16.orig.tar.gz Size/MD5: 548877 9bc5a7017ab7bd544f288fd931ec741a Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/universe/f/file/python-magic_4.16-0ubuntu3.1_all.deb Size/MD5: 18258 2d77ff6c9242211ffdc920ad3984eafd amd64 architecture (Athlon64, Opteron, EM64T Xeon) http://security.ubuntu.com/ubuntu/pool/main/f/file/file_4.16-0ubuntu3.1_amd64.deb Size/MD5: 31316 5369e945a10457e4cca3eae1f25a1858 http://security.ubuntu.com/ubuntu/pool/main/f/file/libmagic-dev_4.16-0ubuntu3.1_amd64.deb Size/MD5: 55034 3177a21a8c92071a0849d6c7006d69a2 http://security.ubuntu.com/ubuntu/pool/main/f/file/libmagic1_4.16-0ubuntu3.1_amd64.deb Size/MD5: 265994 e255df22f1ad518c79a42995d8454717 http://security.ubuntu.com/ubuntu/pool/universe/f/file/python2.4-magic_4.16-0ubuntu3.1_amd64.deb Size/MD5: 22450 f1dcc8d494e5ac8045139e4a9187c9d8 i386 architecture (x86 compatible Intel/AMD) http://security.ubuntu.com/ubuntu/pool/main/f/file/file_4.16-0ubuntu3.1_i386.deb Size/MD5: 30720 9bbadde7d17220a0818c1e91159eee12 http://security.ubuntu.com/ubuntu/pool/main/f/file/libmagic-dev_4.16-0ubuntu3.1_i386.deb Size/MD5: 50842 f3127cde3e93a20412454c57e3e0536e http://security.ubuntu.com/ubuntu/pool/main/f/file/libmagic1_4.16-0ubuntu3.1_i386.deb Size/MD5: 263408 a295163ebf68567889e7a21ee98c8297 http://security.ubuntu.com/ubuntu/pool/universe/f/file/python2.4-magic_4.16-0ubuntu3.1_i386.deb Size/MD5: 21878 9dd99636710c9ed4c0784ea0f5ed473c powerpc architecture (Apple Macintosh G3/G4/G5) http://security.ubuntu.com/ubuntu/pool/main/f/file/file_4.16-0ubuntu3.1_powerpc.deb Size/MD5: 32858 6f5e91dfa3456074fbae386f2b3baa01 http://security.ubuntu.com/ubuntu/pool/main/f/file/libmagic-dev_4.16-0ubuntu3.1_powerpc.deb Size/MD5: 57398 47c9365062492f776768a055541f21f7 http://security.ubuntu.com/ubuntu/pool/main/f/file/libmagic1_4.16-0ubuntu3.1_powerpc.deb Size/MD5: 267518 bcc3b19f0981aceabb6123dbf13ca36d http://security.ubuntu.com/ubuntu/pool/universe/f/file/python2.4-magic_4.16-0ubuntu3.1_powerpc.deb Size/MD5: 23756 514db4324606f6c626cb1b67ce237239 sparc architecture (Sun SPARC/UltraSPARC) http://security.ubuntu.com/ubuntu/pool/main/f/file/file_4.16-0ubuntu3.1_sparc.deb Size/MD5: 31108 8f96aeab5f58013a9fc9def13b51bf93 http://security.ubuntu.com/ubuntu/pool/main/f/file/libmagic-dev_4.16-0ubuntu3.1_sparc.deb Size/MD5: 53764 96749f2b398e90f837c28965ed717023 http://security.ubuntu.com/ubuntu/pool/main/f/file/libmagic1_4.16-0ubuntu3.1_sparc.deb Size/MD5: 264778 7ecf2276b91b2312493d10baa75dc731 http://security.ubuntu.com/ubuntu/pool/universe/f/file/python2.4-magic_4.16-0ubuntu3.1_sparc.deb Size/MD5: 22006 08ec0590d790f20c3fca0288fd37d3a3 Updated packages for Ubuntu 6.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/f/file/file_4.17-2ubuntu1.1.diff.gz Size/MD5: 22941 d607b95d69ad8046e84f98e107bd1039 http://security.ubuntu.com/ubuntu/pool/main/f/file/file_4.17-2ubuntu1.1.dsc Size/MD5: 701 15986aa0256a53879151d2244e8f57d3 http://security.ubuntu.com/ubuntu/pool/main/f/file/file_4.17.orig.tar.gz Size/MD5: 556270 50919c65e0181423d66bb25d7fe7b0fd amd64 architecture (Athlon64, Opteron, EM64T Xeon) http://security.ubuntu.com/ubuntu/pool/main/f/file/file_4.17-2ubuntu1.1_amd64.deb Size/MD5: 31868 5ab604b74993ec8e6d89de70596671bf http://security.ubuntu.com/ubuntu/pool/main/f/file/libmagic-dev_4.17-2ubuntu1.1_amd64.deb Size/MD5: 56614 946e3e5dbd54b02e6d2a9e0d8f85ca32 http://security.ubuntu.com/ubuntu/pool/main/f/file/libmagic1_4.17-2ubuntu1.1_amd64.deb Size/MD5: 276554 27feb334273e1650adf1af5372c0d3f0 http://security.ubuntu.com/ubuntu/pool/universe/f/file/python-magic_4.17-2ubuntu1.1_amd64.deb Size/MD5: 24180 4b8799f65dc9b22fa396e32f5168c6b9 i386 architecture (x86 compatible Intel/AMD) http://security.ubuntu.com/ubuntu/pool/main/f/file/file_4.17-2ubuntu1.1_i386.deb Size/MD5: 31338 2a1b45850880c25f0b8d5240e5481771 http://security.ubuntu.com/ubuntu/pool/main/f/file/libmagic-dev_4.17-2ubuntu1.1_i386.deb Size/MD5: 53798 7107487e84985c35c708b3296cafd0ef http://security.ubuntu.com/ubuntu/pool/main/f/file/libmagic1_4.17-2ubuntu1.1_i386.deb Size/MD5: 275724 539ba579996db45626ff3cc149a702be http://security.ubuntu.com/ubuntu/pool/universe/f/file/python-magic_4.17-2ubuntu1.1_i386.deb Size/MD5: 23958 4c675ec3fb2e510450adbdabede66acb powerpc architecture (Apple Macintosh G3/G4/G5) http://security.ubuntu.com/ubuntu/pool/main/f/file/file_4.17-2ubuntu1.1_powerpc.deb Size/MD5: 33578 1a4a883b7dee2b9ad0608ebe4d54222f http://security.ubuntu.com/ubuntu/pool/main/f/file/libmagic-dev_4.17-2ubuntu1.1_powerpc.deb Size/MD5: 60044 94c9a268b63b299824c03abb0ccf6ee8 http://security.ubuntu.com/ubuntu/pool/main/f/file/libmagic1_4.17-2ubuntu1.1_powerpc.deb Size/MD5: 278720 5b9bc99fd7829a8356985c8708522206 http://security.ubuntu.com/ubuntu/pool/universe/f/file/python-magic_4.17-2ubuntu1.1_powerpc.deb Size/MD5: 26676 309a181f2f4eeb93e30e4b472c0c3938 sparc architecture (Sun SPARC/UltraSPARC) http://security.ubuntu.com/ubuntu/pool/main/f/file/file_4.17-2ubuntu1.1_sparc.deb Size/MD5: 31640 2ff0910e144631af7954eb22b818b133 http://security.ubuntu.com/ubuntu/pool/main/f/file/libmagic-dev_4.17-2ubuntu1.1_sparc.deb Size/MD5: 56544 aff8e0bc4e38f6f0c18a35c5475dc2f7 http://security.ubuntu.com/ubuntu/pool/main/f/file/libmagic1_4.17-2ubuntu1.1_sparc.deb Size/MD5: 276232 4eb64ba16f5ef96c8be0de24a9e3ca6e http://security.ubuntu.com/ubuntu/pool/universe/f/file/python-magic_4.17-2ubuntu1.1_sparc.deb Size/MD5: 23908 52597b5ee13107a11cdad91f25035e86