Lucene search

DebianDEBIAN:DSA-3965-1:EA5DC

HistorySep 05, 2017 - 8:15 p.m.

[SECURITY] [DSA 3965-1] file security update

2017-09-0520:15:42

lists.debian.org

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:N/I:P/A:N

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

5.5 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

23.7%

JSON

Debian Security Advisory DSA-3965-1 [email protected]
https://www.debian.org/security/ Salvatore Bonaccorso
September 05, 2017 https://www.debian.org/security/faq

Package : file
CVE ID : CVE-2017-1000249

Thomas Jarosch discovered a stack-based buffer overflow flaw in file, a
file type classification tool, which may result in denial of service if
an ELF binary with a specially crafted .notes section is processed.

For the stable distribution (stretch), this problem has been fixed in
version 1:5.30-1+deb9u1.

For the unstable distribution (sid), this problem has been fixed in
version 1:5.32-1.

We recommend that you upgrade your file packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: [email protected]

OSVersionArchitecturePackageVersionFilename
Debian9mipsfile< 1:5.30-1+deb9u1file_1:5.30-1+deb9u1_mips.deb
Debian9s390xfile< 1:5.30-1+deb9u1file_1:5.30-1+deb9u1_s390x.deb
Debian9i386libmagic-mgc< 1:5.30-1+deb9u1libmagic-mgc_1:5.30-1+deb9u1_i386.deb
Debian9mipsellibmagic1-dbgsym< 1:5.30-1+deb9u1libmagic1-dbgsym_1:5.30-1+deb9u1_mipsel.deb
Debian9mips64elfile-dbgsym< 1:5.30-1+deb9u1file-dbgsym_1:5.30-1+deb9u1_mips64el.deb
Debian9ppc64ellibmagic-mgc< 1:5.30-1+deb9u1libmagic-mgc_1:5.30-1+deb9u1_ppc64el.deb
Debian9arm64libmagic1-dbgsym< 1:5.30-1+deb9u1libmagic1-dbgsym_1:5.30-1+deb9u1_arm64.deb
Debian9armellibmagic1< 1:5.30-1+deb9u1libmagic1_1:5.30-1+deb9u1_armel.deb
Debian9allfile< 1:5.30-1+deb9u1file_1:5.30-1+deb9u1_all.deb
Debian9mipslibmagic1-dbgsym< 1:5.30-1+deb9u1libmagic1-dbgsym_1:5.30-1+deb9u1_mips.deb

OS	Version	Architecture	Package	Version	Filename
Debian	9	mips	file	< 1:5.30-1+deb9u1	file_1:5.30-1+deb9u1_mips.deb
Debian	9	s390x	file	< 1:5.30-1+deb9u1	file_1:5.30-1+deb9u1_s390x.deb
Debian	9	i386	libmagic-mgc	< 1:5.30-1+deb9u1	libmagic-mgc_1:5.30-1+deb9u1_i386.deb
Debian	9	mipsel	libmagic1-dbgsym	< 1:5.30-1+deb9u1	libmagic1-dbgsym_1:5.30-1+deb9u1_mipsel.deb
Debian	9	mips64el	file-dbgsym	< 1:5.30-1+deb9u1	file-dbgsym_1:5.30-1+deb9u1_mips64el.deb
Debian	9	ppc64el	libmagic-mgc	< 1:5.30-1+deb9u1	libmagic-mgc_1:5.30-1+deb9u1_ppc64el.deb
Debian	9	arm64	libmagic1-dbgsym	< 1:5.30-1+deb9u1	libmagic1-dbgsym_1:5.30-1+deb9u1_arm64.deb
Debian	9	armel	libmagic1	< 1:5.30-1+deb9u1	libmagic1_1:5.30-1+deb9u1_armel.deb
Debian	9	all	file	< 1:5.30-1+deb9u1	file_1:5.30-1+deb9u1_all.deb
Debian	9	mips	libmagic1-dbgsym	< 1:5.30-1+deb9u1	libmagic1-dbgsym_1:5.30-1+deb9u1_mips.deb