==========================================================================
Ubuntu Security Notice USN-2162-1
April 07, 2014
file vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
– Ubuntu 13.10
– Ubuntu 12.10
– Ubuntu 12.04 LTS
– Ubuntu 10.04 LTS
Summary:
File could be made to crash if it processed a specially crafted file.
Software Description:
– file: Tool to determine file types
Details:
It was discovered that file incorrectly handled PE executable files. An
attacker could use this issue to cause file to crash, resulting in a denial
of service.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 13.10:
file 5.11-2ubuntu4.2
libmagic1 5.11-2ubuntu4.2
Ubuntu 12.10:
file 5.11-2ubuntu0.2
libmagic1 5.11-2ubuntu0.2
Ubuntu 12.04 LTS:
file 5.09-2ubuntu0.3
libmagic1 5.09-2ubuntu0.3
Ubuntu 10.04 LTS:
file 5.03-5ubuntu1.2
libmagic1 5.03-5ubuntu1.2
In general, a standard system update will make all the necessary changes.
References:
http://www.ubuntu.com/usn/usn-2162-1
CVE-2014-2270
Package Information:
https://launchpad.net/ubuntu/+source/file/5.11-2ubuntu4.2
https://launchpad.net/ubuntu/+source/file/5.11-2ubuntu0.2
https://launchpad.net/ubuntu/+source/file/5.09-2ubuntu0.3
https://launchpad.net/ubuntu/+source/file/5.03-5ubuntu1.2
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1
Comment: Using GnuPG with Thunderbird – http://www.enigmail.net/
iQIcBAEBCgAGBQJTQqN2AAoJEGVp2FWnRL6TmM0QAIoWFJRaTKMAZ8yT/ZOB84UA
3CZ522zNwR6/UpAND3zZMne3yzf2qsg9BkvrxN2DoSFexgDKvhkrsFQUkEdv723y
3N806Lq0xOrOLCqsrJW+6gFw+LSNoVDE6xcEFZ99Te/wzYuzbP3/A6shUAnRzWPS
nnjxwnw2JyaBxaIpfyaUznZdKxdeW9TV3XOaaD9KTWmAFaxk62zRDyP7TMvMX1NH
EgCALDJ6IsB+19aWQhCXWBhiNqp6BhruUXvj1VObRyZA/GEuKVkicnpD98hNkhCz
InoA9wzUZPM4EyUyl1yepSRSGnkK4kz8Do5lPY+HzOY8dh36CRCMjiCnwE4nZZwp
0KjO3VcvNK6jHTXfulnt3nLGSkynDCNy9E8+89qNZlcMRyzmfMulQfV1HR5fcHyi
zjspSrA1jB6dEyVqGJ0gNe/ciO8Tfxh6TcEEfHi6FKVszU6MmKpcKgtCPapjJvZq
as5zGVSkdElVSspovcZufhbXit4Ow5RgBNSWLsoyAxP1PR7HsvbmDn/COD4pjSnW
A4Rh6jqS8/f9nGaEaH8MBX2R+H0+qxG35e35+KFQWq9kMoRXyzCb1Bv3qBTjC28a
CuwoVoX8JYwtYACIQTXT1KwgCITPj6vWsyZqzekQ1Ish25GLfypZ0oF7MCsaWipQ
K9trBh1dDny2fgeO6XPX
=VsyV
—–END PGP SIGNATURE—–
—