UbuntuUpdates.org

Package "file"

Name: file
Description: Determines file type using "magic" numbers

Latest version: 5.09-2ubuntu0.8
Release: precise (12.04)
Level: updates
Repository: main
Homepage: http://www.darwinsys.com/file/

Other versions of "file" in Precise

Repository  Area  Version
base        main  5.09-2
security    main  5.09-2ubuntu0.8

Changelog

Version: 5.09-2ubuntu0.8 2021-05-03 15:06:22 UTC

  file (5.09-2ubuntu0.8) precise-security; urgency=medium

  [ Marc Deslauriers ]
  * SECURITY UPDATE: buffer overflow via CDF_VECTOR elements
    - debian/patches/CVE-2019-18218.patch: limit the number of elements in
      a vector in src/cdf.*.
    - CVE-2019-18218

 -- <email address hidden> (Leonidas S. Barbosa) Thu, 31 Oct 2019 11:42:33 -0300

CVE-2019-18218 cdf_read_property_info in cdf.c in file through 5.37 does not restrict the number of CDF_VECTOR elements, which allows a heap-based buffer overflow (

Version: 5.09-2ubuntu0.6 2015-02-04 20:06:42 UTC

  file (5.09-2ubuntu0.6) precise-security; urgency=medium

  * SECURITY UPDATE: DoS via insufficient note headers
    - debian/patches/CVE-2014-3710.patch: handle running out of note headers
      in src/readelf.c.
    - CVE-2014-3710
  * SECURITY UPDATE: DoS in ELF parser
    - debian/patches/CVE-2014-8116.patch: limit number of headers and
      capabilities in src/elfclass.h, src/readelf.c.
    - CVE-2014-8116
  * SECURITY UPDATE: DoS via missing recursion limits
    - debian/patches/CVE-2014-8117.patch: lower recursion level and allow
      it to be set from the command line in src/file.{c,h},
      src/file_opts.h, src/funcs.c, src/magic.c, src/magic.h,
      src/softmagic.c, add new option to documentation in
      doc/file.man, doc/libmagic.man.
    - CVE-2014-8117
  * SECURITY UPDATE: DoS via long pascal strings
    - debian/patches/pr398-truncate-pascal-strings.patch: correctly
      calculate size in src/softmagic.c.
    - No CVE number
 -- Marc Deslauriers <email address hidden> Tue, 27 Jan 2015 10:10:29 -0500

CVE-2014-3710 out-of-bounds read in elf note headers
CVE-2014-8116 The ELF parser (readelf.c) in file before 5.21 allows remote attackers to cause a denial of service (CPU consumption or crash) via a large number of
CVE-2014-8117 softmagic.c in file before 5.21 does not properly limit recursion, which allows remote attackers to cause a denial of service (CPU consumption or cra

Version: 5.09-2ubuntu0.5 2014-10-03 03:06:31 UTC

  file (5.09-2ubuntu0.5) precise-security; urgency=medium

  * SECURITY UPDATE: buffer underflow in CDF file identification
    - debian/patches/CVE-2014-3587.patch: modify src/cdf.c to detect and
      abort on buffer underflows.
    - CVE-2014-3587
 -- Seth Arnold <email address hidden> Wed, 27 Aug 2014 23:34:57 -0700

CVE-2014-3587 Integer overflow in the cdf_read_property_info function in cdf.c in ...

Version: 5.09-2ubuntu0.4 2014-07-15 20:06:32 UTC

  file (5.09-2ubuntu0.4) precise-security; urgency=medium

  * SECURITY UPDATE: denial of service via awk rule backtracking
    - debian/patches/CVE-2013-7345.patch: limit to 100 repetitions in
      magic/Magdir/commands.
    - CVE-2013-7345
  * SECURITY UPDATE: denial of service in cdf_read_short_sector
    - debian/patches/CVE-2014-0207.patch: properly calculate sizes in
      src/cdf.c.
    - CVE-2014-0207
  * SECURITY UPDATE: denial of service in mconvert
    - debian/patches/CVE-2014-3478.patch: properly handle truncated pascal
      string size in src/softmagic.c.
    - CVE-2014-3478
  * SECURITY UPDATE: denial of service in cdf_check_stream_offset
    - debian/patches/CVE-2014-3479.patch: properly calculate sizes in
      src/cdf.c.
    - CVE-2014-3479
  * SECURITY UPDATE: denial of service in cdf_count_chain
    - debian/patches/CVE-2014-3480.patch: properly calculate sizes in
      src/cdf.c.
    - CVE-2014-3480
  * SECURITY UPDATE: denial of service in cdf_read_property_info
    - debian/patches/CVE-2014-3487.patch: properly calculate sizes in
      src/cdf.c.
    - CVE-2014-3487
  * SECURITY UPDATE: denial of service via awk rule backtracking
    - debian/patches/CVE-2014-3538.patch: allow specifying lengths for
      regex in src/apprentice.c, src/file.h, src/softmagic.c, adjust
      existing expressions in magic/Magdir/commands, magic/Magdir/fortran,
      magic/Magdir/graphviz, magic/Magdir/marc21, magic/Magdir/scientific,
      magic/Magdir/troff, update manpage in doc/magic.man.
    - CVE-2014-3538
 -- Marc Deslauriers <email address hidden> Thu, 10 Jul 2014 12:00:51 -0400

CVE-2013-7345 The BEGIN regular expression in the awk script detector in ...
CVE-2014-0207 cdf_read_short_sector insufficient boundary check
CVE-2014-3478 mconvert incorrect handling of truncated pascal string size
CVE-2014-3479 cdf_check_stream_offset insufficient boundary check
CVE-2014-3480 cdf_count_chain insufficient boundary check
CVE-2014-3487 cdf_read_property_info insufficient boundary check
CVE-2014-3538 file before 5.19 does not properly restrict the amount of data read ...

Version: 5.09-2ubuntu0.3 2014-04-07 14:07:15 UTC

  file (5.09-2ubuntu0.3) precise-security; urgency=medium

  * SECURITY UPDATE: denial of service via crafted offset in PE executable
    - debian/patches/CVE-2014-2270.patch: check bounds in src/softmagic.c.
    - CVE-2014-2270
 -- Marc Deslauriers <email address hidden> Thu, 03 Apr 2014 13:34:02 -0400

CVE-2014-2270 softmagic.c in file before 5.17 and libmagic allows context-dependent ...


