-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2007.0359
                 [RedHat] Moderate: file security update
                                31 May 2007

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              file
Publisher:            Red Hat
Operating System:     Red Hat Enterprise Linux 5
                      Red Hat Enterprise Linux 4
Impact:               Execute Arbitrary Code/Commands
Access:               Remote/Unauthenticated
CVE Names:            CVE-2007-2799

Ref:                  ESB-2007.0194

Original Bulletin:
  https://rhn.redhat.com/errata/RHSA-2007-0391.html

Comment: This advisory references vulnerabilities in products which run on
         platforms other than Red Hat. It is recommended that administrators
         running the file utility check for an updated version of the
         software for their operating system.

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - ---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Moderate: file security update
Advisory ID:       RHSA-2007:0391-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2007-0391.html
Issue date:        2007-05-30
Updated on:        2007-05-30
Product:           Red Hat Enterprise Linux
CVE Names:         CVE-2007-2799
- - ---------------------------------------------------------------------

1. Summary:

An updated file package that fixes a security flaw is now available for
Red Hat Enterprise Linux 4 and 5.

This update has been rated as having moderate security impact by the
Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64

3. Problem description:

The file command is used to identify a particular file according to the
type of data contained by the file.

The fix for CVE-2007-1536 introduced a new integer underflow flaw in the
file utility. An attacker could create a carefully crafted file which, if
examined by a victim using the file utility, could lead to arbitrary code
execution. (CVE-2007-2799)

This issue did not affect the version of the file utility distributed with
Red Hat Enterprise Linux 2.1 or 3.

Users should upgrade to this erratum package, which contains a backported
patch to correct this issue.

4. Solution:

Before applying this update, make sure that all previously-released errata
relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

5. Bug IDs fixed (http://bugzilla.redhat.com/):

241022 - CVE-2007-2799 file integer overflow
241026 - CVE-2007-2799 file integer overflow
241027 - CVE-2007-2799 file integer overflow

6. RPMs required:

Red Hat Enterprise Linux AS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/file-4.10-3.0.2.el4.src.rpm
b965edbfc8969978c85c0523d8d66e86  file-4.10-3.0.2.el4.src.rpm

i386:
75f00f87378cd18b54aedb769f794301  file-4.10-3.0.2.el4.i386.rpm
efdab1d800634966e2e1139ce469d4c2  file-debuginfo-4.10-3.0.2.el4.i386.rpm

ia64:
8783b9863d2ed05c508d92b23503f920  file-4.10-3.0.2.el4.ia64.rpm
c19ef25c3e5a879853ecaab505ff2597  file-debuginfo-4.10-3.0.2.el4.ia64.rpm

ppc:
dd47db6fa389f2ff5928250893a7be8b  file-4.10-3.0.2.el4.ppc.rpm
e0bb1116776232c5ebc2681548dcb7f7  file-debuginfo-4.10-3.0.2.el4.ppc.rpm

s390:
b546e7c44fb7eda2e7be1d1d72433799  file-4.10-3.0.2.el4.s390.rpm
084965a1f9db4bef813eaebf0287f51b  file-debuginfo-4.10-3.0.2.el4.s390.rpm

s390x:
e7f435b24698bc2317dd9b5899cb1b90  file-4.10-3.0.2.el4.s390x.rpm
1fcc1b07f8047f39b7329e444172399a  file-debuginfo-4.10-3.0.2.el4.s390x.rpm

x86_64:
d015b5bc4eb50598633b251145cfc5ad  file-4.10-3.0.2.el4.x86_64.rpm
4e5bff0f6f01ad0920063e59d982ac3b  file-debuginfo-4.10-3.0.2.el4.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/file-4.10-3.0.2.el4.src.rpm
b965edbfc8969978c85c0523d8d66e86  file-4.10-3.0.2.el4.src.rpm

i386:
75f00f87378cd18b54aedb769f794301  file-4.10-3.0.2.el4.i386.rpm
efdab1d800634966e2e1139ce469d4c2  file-debuginfo-4.10-3.0.2.el4.i386.rpm

x86_64:
d015b5bc4eb50598633b251145cfc5ad  file-4.10-3.0.2.el4.x86_64.rpm
4e5bff0f6f01ad0920063e59d982ac3b  file-debuginfo-4.10-3.0.2.el4.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/file-4.10-3.0.2.el4.src.rpm
b965edbfc8969978c85c0523d8d66e86  file-4.10-3.0.2.el4.src.rpm

i386:
75f00f87378cd18b54aedb769f794301  file-4.10-3.0.2.el4.i386.rpm
efdab1d800634966e2e1139ce469d4c2  file-debuginfo-4.10-3.0.2.el4.i386.rpm

ia64:
8783b9863d2ed05c508d92b23503f920  file-4.10-3.0.2.el4.ia64.rpm
c19ef25c3e5a879853ecaab505ff2597  file-debuginfo-4.10-3.0.2.el4.ia64.rpm

x86_64:
d015b5bc4eb50598633b251145cfc5ad  file-4.10-3.0.2.el4.x86_64.rpm
4e5bff0f6f01ad0920063e59d982ac3b  file-debuginfo-4.10-3.0.2.el4.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/file-4.10-3.0.2.el4.src.rpm
b965edbfc8969978c85c0523d8d66e86  file-4.10-3.0.2.el4.src.rpm

i386:
75f00f87378cd18b54aedb769f794301  file-4.10-3.0.2.el4.i386.rpm
efdab1d800634966e2e1139ce469d4c2  file-debuginfo-4.10-3.0.2.el4.i386.rpm

ia64:
8783b9863d2ed05c508d92b23503f920  file-4.10-3.0.2.el4.ia64.rpm
c19ef25c3e5a879853ecaab505ff2597  file-debuginfo-4.10-3.0.2.el4.ia64.rpm

x86_64:
d015b5bc4eb50598633b251145cfc5ad  file-4.10-3.0.2.el4.x86_64.rpm
4e5bff0f6f01ad0920063e59d982ac3b  file-debuginfo-4.10-3.0.2.el4.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 5 client):

SRPMS:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/file-4.17-9.0.1.el5.src.rpm
e5f3056e10d0abf9ab2d4734d2c40df6  file-4.17-9.0.1.el5.src.rpm

i386:
1bca600f3b0de26a2725d6f4e7a72383  file-4.17-9.0.1.el5.i386.rpm
a384f2635a5e6964a3f315d771ff75a4  file-debuginfo-4.17-9.0.1.el5.i386.rpm

x86_64:
1750ba7e71efd10cd3883b2de825f896  file-4.17-9.0.1.el5.x86_64.rpm
3117f2b7873d607da5b0e11e56b3da74  file-debuginfo-4.17-9.0.1.el5.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

SRPMS:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/file-4.17-9.0.1.el5.src.rpm
e5f3056e10d0abf9ab2d4734d2c40df6  file-4.17-9.0.1.el5.src.rpm

i386:
1bca600f3b0de26a2725d6f4e7a72383  file-4.17-9.0.1.el5.i386.rpm
a384f2635a5e6964a3f315d771ff75a4  file-debuginfo-4.17-9.0.1.el5.i386.rpm

ia64:
2d7e954147b37218beafcebf771865b3  file-4.17-9.0.1.el5.ia64.rpm
18c9cb33b74bb8c962ca0d8fe08c84da  file-debuginfo-4.17-9.0.1.el5.ia64.rpm

ppc:
8051227058fb32153ce838aea9f36268  file-4.17-9.0.1.el5.ppc.rpm
5d498107c435b67be6f6bf36c214caa4  file-debuginfo-4.17-9.0.1.el5.ppc.rpm

s390x:
d9ccaf596792a8487e1ef137cb6db3f3  file-4.17-9.0.1.el5.s390x.rpm
ded763b43e263cb6b9b8b99ff9a99ff9  file-debuginfo-4.17-9.0.1.el5.s390x.rpm

x86_64:
1750ba7e71efd10cd3883b2de825f896  file-4.17-9.0.1.el5.x86_64.rpm
3117f2b7873d607da5b0e11e56b3da74  file-debuginfo-4.17-9.0.1.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2799
http://www.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2007 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFGXUesXlSAg2UNWIIRArf0AKDFC2kWwA0Yj/ofxm/lh/3PyCDe2QCgq19p
+a0FUG7Yj2MCtqNS69z3GBE=
=62Og
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

If you believe that your computer system has been compromised or attacked in
any way, we encourage you to let us know by completing the secure National IT
Incident Reporting Form at:

        http://www.auscert.org.au/render.html?it=3192

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQCVAwUBRl4MgSh9+71yA2DNAQLSRgP+LJTTZjBt+muzaHJ0ePSzul4hxcXZ58uX
hgLViSlgI/eIyGdxMf/kkVZPLFeXbHRQDMHy35OhicrpQOHcWOkAjyf/o2sO2UZ7
6qsIMPLosO1IyhdkpieFbjkvVBMNWqg8KhsU/48RbfqxNmezJFl1B989f7RsGg7b
c3Yyw6CWh6Q=
=xQmM
-----END PGP SIGNATURE-----
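Editor's note on section 3 of the included Red Hat text: the advisory says the fix for CVE-2007-1536 introduced an integer underflow in file that a crafted input can turn into arbitrary code execution, but gives no code. The block below is an added, hypothetical illustration of that bug class and is not taken from the file(1) sources or from Red Hat's patch. It assumes a fixed 16-byte output buffer and a formatted-append routine; the names outbuf, remaining_unsafe, remaining_safe, advance_unsafe, append_safe and demo_truncation are invented for the example. It shows how a counter that is advanced by vsnprintf's would-be length after a truncated write ends up larger than the capacity, so that an unsigned "bytes remaining" subtraction wraps to a huge value and any later room check passes, and shows the hardened bookkeeping beside it.

```c
/* Added illustration of an integer underflow in a "bytes remaining"
 * computation. Hypothetical code, not file(1)'s implementation. */
#include <stdarg.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

struct outbuf {
    char   buf[16];   /* fixed output area, small on purpose (assumption) */
    size_t used;      /* bytes stored so far, excluding the NUL */
};

/* Vulnerable arithmetic: plain unsigned subtraction. Once `used` exceeds
 * `cap`, the result wraps to a value near SIZE_MAX and a check such as
 * "room > 0" before the next write is always satisfied. */
size_t remaining_unsafe(size_t cap, size_t used)
{
    return cap - used;
}

/* The bookkeeping error that makes the wrap reachable: advancing by the
 * length vsnprintf WOULD have produced rather than by what was stored. */
size_t advance_unsafe(size_t used, int want)
{
    return used + (size_t)want;
}

/* Hardened arithmetic: never hand back a wrapped value. */
size_t remaining_safe(size_t cap, size_t used)
{
    return used >= cap ? 0 : cap - used;
}

/* Append formatted text, truncating instead of overflowing. Returns the
 * number of bytes stored, or -1 when not even one byte fits. `used` only
 * ever grows by what was actually written, so it cannot exceed capacity. */
int append_safe(struct outbuf *o, const char *fmt, ...)
{
    size_t room = remaining_safe(sizeof o->buf, o->used);
    if (room <= 1)                     /* only the NUL would fit */
        return -1;
    va_list ap;
    va_start(ap, fmt);
    int want = vsnprintf(o->buf + o->used, room, fmt, ap);
    va_end(ap);
    if (want < 0)
        return -1;
    size_t stored = (size_t)want < room ? (size_t)want : room - 1;
    o->used += stored;
    return (int)stored;
}

/* Two appends into a fresh buffer: a 20-character string (constructed
 * sample input) that must be truncated to 15, then a second append that
 * must be refused. Results are returned so a caller can inspect them. */
struct outbuf demo_truncation(int *first, int *second)
{
    struct outbuf o;
    memset(&o, 0, sizeof o);
    *first  = append_safe(&o, "%s", "0123456789ABCDEFGHIJ");
    *second = append_safe(&o, "%s", "XYZ");
    return o;
}

int main(void)
{
    int first = 0, second = 0;
    struct outbuf o = demo_truncation(&first, &second);
    size_t bad_used = advance_unsafe(0, 20);   /* 20 > 16: counter past capacity */
    printf("vulnerable: used=%zu remaining=%zu (wrapped)\n",
           bad_used, remaining_unsafe(sizeof o.buf, bad_used));
    printf("hardened:   used=%zu remaining=%zu\n",
           o.used, remaining_safe(sizeof o.buf, o.used));
    printf("first append stored %d bytes -> \"%s\"; second returned %d\n",
           first, o.buf, second);
    return 0;
}
```

The two halves of the fix matter together: clamping the subtraction stops the wrap, but advancing `used` by the stored length rather than the requested length is what keeps the counter inside the buffer in the first place. Note that unsigned wrap is well-defined in C, so compiler trap options for signed overflow do not catch it; a bounds-checking tool or explicit checks like the ones above are needed.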