UbuntuUpdates.org

Package "file"

Name: file

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • File type determination library using "magic" numbers (Python bindings)

Latest version: 1:5.25-2ubuntu1.2
Release: xenial (16.04)
Level: security
Repository: universe

Links

Save this URL for the latest version of "file": https://www.ubuntuupdates.org/file



Other versions of "file" in Xenial

Repository Area Version
base universe 1:5.25-2ubuntu1
base main 1:5.25-2ubuntu1
security main 1:5.25-2ubuntu1.2
updates universe 1:5.25-2ubuntu1.2
updates main 1:5.25-2ubuntu1.2

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 1:5.25-2ubuntu1.2 2019-03-18 14:06:31 UTC

  file (1:5.25-2ubuntu1.2) xenial-security; urgency=medium

  * SECURITY UPDATE: overflows in do_core_note
    - debian/patches/CVE-2019-8905_8907.patch: limit size of file_printable
      in src/file.h, src/funcs.c, src/readelf.c, src/softmagic.c.
    - CVE-2019-8905
    - CVE-2019-8907

 -- Marc Deslauriers <email address hidden> Wed, 13 Mar 2019 12:49:55 -0400

Source diff to previous version
CVE-2019-8905 do_core_note in readelf.c in libmagic.a in file 5.35 has a stack-based buffer over-read, related to file_printable, a different vulnerability than CV
CVE-2019-8907 do_core_note in readelf.c in libmagic.a in file 5.35 allows remote attackers to cause a denial of service (stack corruption and application crash) or

Version: 1:5.25-2ubuntu1.1 2018-06-14 14:07:55 UTC

  file (1:5.25-2ubuntu1.1) xenial-security; urgency=medium

  * SECURITY UPDATE: out-of-bounds read via crafted ELF file
    - debian/patches/CVE-2018-10360.patch: add bounds check to
      src/readelf.c.
    - CVE-2018-10360

 -- Marc Deslauriers <email address hidden> Wed, 13 Jun 2018 13:11:41 -0400

CVE-2018-10360 The do_core_note function in readelf.c in libmagic.a in file 5.33 allows remote attackers to cause a denial of service (out-of-bounds read and applic



About   -   Send Feedback to @ubuntu_updates