drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Mehrere Probleme in file
Name: |
Mehrere Probleme in file |
|
ID: |
USN-3686-1 |
|
Distribution: |
Ubuntu |
|
Plattformen: |
Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 17.10, Ubuntu 18.04 LTS |
|
Datum: |
Do, 14. Juni 2018, 16:37 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8865
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9620
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10360
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9621
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9653 |
|
Applikationen: |
file |
|
Originalnachricht |
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --===============3016103702071059324== Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="FEyXAkBicRosyYz1T9tHql4Kd30pJA0hr"
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --FEyXAkBicRosyYz1T9tHql4Kd30pJA0hr Content-Type: multipart/mixed; boundary="JEXpFyM9VauRakbYW2iSFN0uvxXkp2Sqm"; protected-headers="v1" From: Marc Deslauriers <marc.deslauriers@canonical.com> Reply-To: Ubuntu Security <security@ubuntu.com> To: ubuntu-security-announce@lists.ubuntu.com Message-ID: <d182ba86-1abc-9529-5c55-99c4f3b58f25@canonical.com> Subject: [USN-3686-1] file vulnerabilities
--JEXpFyM9VauRakbYW2iSFN0uvxXkp2Sqm Content-Type: text/plain; charset=utf-8 Content-Language: en-C Content-Transfer-Encoding: quoted-printable
========================================================================== Ubuntu Security Notice USN-3686-1 June 14, 2018
file vulnerabilities ==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 18.04 LTS - Ubuntu 17.10 - Ubuntu 16.04 LTS - Ubuntu 14.04 LTS
Summary:
Several security issues were fixed in file.
Software Description: - file: Tool to determine file types
Details:
Alexander Cherepanov discovered that file incorrectly handled a large number of notes. An attacker could use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 LTS. (CVE-2014-9620)
Alexander Cherepanov discovered that file incorrectly handled certain long strings. An attacker could use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 LTS. (CVE-2014-9620)
Alexander Cherepanov discovered that file incorrectly handled certain malformed ELF files. An attacker could use this issue to cause a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 LTS. (CVE-2014-9653)
It was discovered that file incorrectly handled certain magic files. An attacker could use this issue with a specially crafted magic file to cause a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 LTS. (CVE-2015-8865)
It was discovered that file incorrectly handled certain malformed ELF files. An attacker could use this issue to cause a denial of service. (CVE-2018-10360)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 18.04 LTS: file 1:5.32-2ubuntu0.1 libmagic1 1:5.32-2ubuntu0.1
Ubuntu 17.10: file 1:5.32-1ubuntu0.1 libmagic1 1:5.32-1ubuntu0.1
Ubuntu 16.04 LTS: file 1:5.25-2ubuntu1.1 libmagic1 1:5.25-2ubuntu1.1
Ubuntu 14.04 LTS: file 1:5.14-2ubuntu3.4 libmagic1 1:5.14-2ubuntu3.4
In general, a standard system update will make all the necessary changes.
References: https://usn.ubuntu.com/usn/usn-3686-1 CVE-2014-9620, CVE-2014-9621, CVE-2014-9653, CVE-2015-8865, CVE-2018-10360
Package Information: https://launchpad.net/ubuntu/+source/file/1:5.32-2ubuntu0.1 https://launchpad.net/ubuntu/+source/file/1:5.32-1ubuntu0.1 https://launchpad.net/ubuntu/+source/file/1:5.25-2ubuntu1.1 https://launchpad.net/ubuntu/+source/file/1:5.14-2ubuntu3.4
--JEXpFyM9VauRakbYW2iSFN0uvxXkp2Sqm--
--FEyXAkBicRosyYz1T9tHql4Kd30pJA0hr Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc"
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAlsicdoACgkQZWnYVadE vpNNxBAAtdhq09V184cBDquhpj+sbbPY0K7okBUEaQgLgdLWz/DqPZXjgrmpDtdl 06GlXnkrnY3UzCvXEwK14kQYMIyfHo4MiJ8DL3ERrhf082rMqGpMohJl7oT4DOV6 Y2+aD6ybFgcBAi1dlkiiZK95RVQISwxhGhoN+nsmknyeh1Jp2YNmXkQ85azjPIf+ nN4ZfMvzAKnTcq5VN8RR0VC0gOZJniDRK3Zy4aGNZwWxCKecQ61d9F+ZRH8Pgnca 0nTtDNWtpALr1qLLC5nIUpq65h9i2OM2BBcaCB6vitjhj/D0mmsVYK5b+9DCXH/n o38XgugmIy+4hsMYGtdFF1MPkRzA58lqXcvEJztF1ptrn5SRluNlOs/qQj2QJe/E oXXYFlOQ7nlduOVSYJDVOz6buQdfZCWTuZL7/WstRTZzoJmuKdX1hce34YiiiJe1 y94GQlk1llH5IguPePDFq62MejX1UIgLsip3jGUetQSOkr+6sg+k+WaacxztIP2D w41cm5A8AOkkEsBVKsxMM3rbhW0W8uJUqC5nDfx6gizPUExFAnEIRcgd93OMCRgl 4pylRaDuOMlqBSXYKjaCAg3jiQLDNKBVOI3/wnCWyYZhfUyXNTmtiWcjVBCknIeQ jmdKNFx1RHUQcxYpvmAMw3WLYXxM/Ve6b3s9sI+xvUj5oHEgasE= =Rl+D -----END PGP SIGNATURE-----
--FEyXAkBicRosyYz1T9tHql4Kd30pJA0hr--
--===============3016103702071059324== Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: base64 Content-Disposition: inline
LS0gCnVidW50dS1zZWN1cml0eS1hbm5vdW5jZSBtYWlsaW5nIGxpc3QKdWJ1bnR1LXNlY3VyaXR5 LWFubm91bmNlQGxpc3RzLnVidW50dS5jb20KTW9kaWZ5IHNldHRpbmdzIG9yIHVuc3Vic2NyaWJl IGF0OiBodHRwczovL2xpc3RzLnVidW50dS5jb20vbWFpbG1hbi9saXN0aW5mby91YnVudHUtc2Vj dXJpdHktYW5ub3VuY2UK
--===============3016103702071059324==--
|
|
|
|