========================================================================== Ubuntu Security Notice USN-3686-1 June 14, 2018
file vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 18.04 LTS - Ubuntu 17.10 - Ubuntu 16.04 LTS - Ubuntu 14.04 LTS Summary: Several security issues were fixed in file. Software Description: - file: Tool to determine file types Details: Alexander Cherepanov discovered that file incorrectly handled a large number of notes. An attacker could use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 LTS. (CVE-2014-9620) Alexander Cherepanov discovered that file incorrectly handled certain long strings. An attacker could use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 LTS. (CVE-2014-9620) Alexander Cherepanov discovered that file incorrectly handled certain malformed ELF files. An attacker could use this issue to cause a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 LTS. (CVE-2014-9653) It was discovered that file incorrectly handled certain magic files. An attacker could use this issue with a specially crafted magic file to cause a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 LTS. (CVE-2015-8865) It was discovered that file incorrectly handled certain malformed ELF files. An attacker could use this issue to cause a denial of service. (CVE-2018-10360) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 18.04 LTS: file 1:5.32-2ubuntu0.1 libmagic1 1:5.32-2ubuntu0.1 Ubuntu 17.10: file 1:5.32-1ubuntu0.1 libmagic1 1:5.32-1ubuntu0.1 Ubuntu 16.04 LTS: file 1:5.25-2ubuntu1.1 libmagic1 1:5.25-2ubuntu1.1 Ubuntu 14.04 LTS: file 1:5.14-2ubuntu3.4 libmagic1 1:5.14-2ubuntu3.4 In general, a standard system update will make all the necessary changes. References: https://usn.ubuntu.com/usn/usn-3686-1 CVE-2014-9620, CVE-2014-9621, CVE-2014-9653, CVE-2015-8865, CVE-2018-10360 Package Information: https://launchpad.net/ubuntu/+source/file/1:5.32-2ubuntu0.1 https://launchpad.net/ubuntu/+source/file/1:5.32-1ubuntu0.1 https://launchpad.net/ubuntu/+source/file/1:5.25-2ubuntu1.1 https://launchpad.net/ubuntu/+source/file/1:5.14-2ubuntu3.4
signature.asc
Description: OpenPGP digital signature
-- ubuntu-security-announce mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
