UbuntuUpdates.org

Package "file"

Name: file

Description:

Recognize the type of data in a file using "magic" numbers

Latest version: 1:5.32-2ubuntu0.4
Release: bionic (18.04)
Level: security
Repository: main
Homepage: http://www.darwinsys.com/file/

Links


Download "file"


Other versions of "file" in Bionic

Repository Area Version
base main 1:5.32-2
updates main 1:5.32-2ubuntu0.4

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 1:5.32-2ubuntu0.4 2020-05-13 14:07:27 UTC

  file (1:5.32-2ubuntu0.4) bionic-security; urgency=medium

  * SECURITY REGRESSION: truncated interpreter name (LP: #1835596)
    - debian/patches/CVE-2019-8905_8907.patch: updated to use correct
      length in src/readelf.c.

 -- Marc Deslauriers <email address hidden> Tue, 12 May 2020 09:31:09 -0400

Source diff to previous version
1835596 incorrect argument to file_printable in [PATCH] PR/62
CVE-2019-8905 do_core_note in readelf.c in libmagic.a in file 5.35 has a stack-based buffer over-read, related to file_printable, a different vulnerability than CV

Version: 1:5.32-2ubuntu0.3 2019-10-30 14:07:24 UTC

  file (1:5.32-2ubuntu0.3) bionic-security; urgency=medium

  * SECURITY UPDATE: buffer overflow via CDF_VECTOR elements
    - debian/patches/CVE-2019-18218.patch: limit the number of elements in
      a vector in src/cdf.*.
    - CVE-2019-18218

 -- Marc Deslauriers <email address hidden> Tue, 29 Oct 2019 12:50:19 -0400

Source diff to previous version
CVE-2019-18218 cdf_read_property_info in cdf.c in file through 5.37 does not restrict the number of CDF_VECTOR elements, which allows a heap-based buffer overflow (

Version: 1:5.32-2ubuntu0.2 2019-03-18 14:06:33 UTC

  file (1:5.32-2ubuntu0.2) bionic-security; urgency=medium

  * SECURITY UPDATE: overflows in do_core_note
    - debian/patches/CVE-2019-8905_8907.patch: limit size of file_printable
      in src/file.h, src/funcs.c, src/readelf.c, src/softmagic.c.
    - CVE-2019-8905
    - CVE-2019-8907
  * SECURITY UPDATE: out-of-bounds read in do_core_note
    - debian/patches/CVE-2019-8906.patch: add bounds check in
      src/readelf.c.
    - CVE-2019-8906

 -- Marc Deslauriers <email address hidden> Wed, 13 Mar 2019 12:43:04 -0400

Source diff to previous version
CVE-2019-8905 do_core_note in readelf.c in libmagic.a in file 5.35 has a stack-based buffer over-read, related to file_printable, a different vulnerability than CV
CVE-2019-8907 do_core_note in readelf.c in libmagic.a in file 5.35 allows remote attackers to cause a denial of service (stack corruption and application crash) or
CVE-2019-8906 do_core_note in readelf.c in libmagic.a in file 5.35 has an out-of-bounds read because memcpy is misused.

Version: 1:5.32-2ubuntu0.1 2018-06-14 14:07:57 UTC

  file (1:5.32-2ubuntu0.1) bionic-security; urgency=medium

  * SECURITY UPDATE: out-of-bounds read via crafted ELF file
    - debian/patches/CVE-2018-10360.patch: add bounds check to
      src/readelf.c.
    - CVE-2018-10360

 -- Marc Deslauriers <email address hidden> Wed, 13 Jun 2018 13:09:39 -0400

CVE-2018-10360 The do_core_note function in readelf.c in libmagic.a in file 5.33 allows remote attackers to cause a denial of service (out-of-bounds read and applic



About   -   Send Feedback to @ubuntu_updates