UbuntuUpdates.org

Package "file-dbg"

Name: file-dbg

Description:

Determines file type using "magic" numbers (debug)

Latest version: 1:5.25-2ubuntu1.4
Release: xenial (16.04)
Level: security
Repository: main
Head package: file
Homepage: http://www.darwinsys.com/file/



Other versions of "file-dbg" in Xenial

Repository  Area  Version
base        main  1:5.25-2ubuntu1
updates     main  1:5.25-2ubuntu1.4

Changelog

Version: 1:5.25-2ubuntu1.4 2020-05-13 12:06:47 UTC

  file (1:5.25-2ubuntu1.4) xenial-security; urgency=medium

  * SECURITY REGRESSION: truncated interpreter name (LP: #1835596)
    - debian/patches/CVE-2019-8905_8907.patch: updated to use correct
      length in src/readelf.c.

 -- Marc Deslauriers <email address hidden> Tue, 12 May 2020 09:33:55 -0400

1835596 incorrect argument to file_printable in [PATCH] PR/62
CVE-2019-8905 do_core_note in readelf.c in libmagic.a in file 5.35 has a stack-based buffer over-read, related to file_printable, a different vulnerability than CV

Version: 1:5.25-2ubuntu1.3 2019-10-30 15:06:20 UTC

  file (1:5.25-2ubuntu1.3) xenial-security; urgency=medium

  * SECURITY UPDATE: buffer overflow via CDF_VECTOR elements
    - debian/patches/CVE-2019-18218.patch: limit the number of elements in
      a vector in src/cdf.*.
    - CVE-2019-18218

 -- Marc Deslauriers <email address hidden> Tue, 29 Oct 2019 12:51:38 -0400

CVE-2019-18218 cdf_read_property_info in cdf.c in file through 5.37 does not restrict the number of CDF_VECTOR elements, which allows a heap-based buffer overflow (

Version: 1:5.25-2ubuntu1.2 2019-03-18 14:06:28 UTC

  file (1:5.25-2ubuntu1.2) xenial-security; urgency=medium

  * SECURITY UPDATE: overflows in do_core_note
    - debian/patches/CVE-2019-8905_8907.patch: limit size of file_printable
      in src/file.h, src/funcs.c, src/readelf.c, src/softmagic.c.
    - CVE-2019-8905
    - CVE-2019-8907

 -- Marc Deslauriers <email address hidden> Wed, 13 Mar 2019 12:49:55 -0400

CVE-2019-8905 do_core_note in readelf.c in libmagic.a in file 5.35 has a stack-based buffer over-read, related to file_printable, a different vulnerability than CV
CVE-2019-8907 do_core_note in readelf.c in libmagic.a in file 5.35 allows remote attackers to cause a denial of service (stack corruption and application crash) or

Version: 1:5.25-2ubuntu1.1 2018-06-14 14:07:54 UTC

  file (1:5.25-2ubuntu1.1) xenial-security; urgency=medium

  * SECURITY UPDATE: out-of-bounds read via crafted ELF file
    - debian/patches/CVE-2018-10360.patch: add bounds check to
      src/readelf.c.
    - CVE-2018-10360

 -- Marc Deslauriers <email address hidden> Wed, 13 Jun 2018 13:11:41 -0400

CVE-2018-10360 The do_core_note function in readelf.c in libmagic.a in file 5.33 allows remote attackers to cause a denial of service (out-of-bounds read and applic


