- ---------------------------------------------------------------------                   Red Hat Security Advisory

Synopsis:          Moderate: file security update
Advisory ID:       RHSA-2007:0391-01
Advisory URL:      https://access.redhat.com/errata/RHSA-2007:0391.html
Issue date:        2007-05-30
Updated on:        2007-05-30
Product:           Red Hat Enterprise Linux
CVE Names:         CVE-2007-2799 
- ---------------------------------------------------------------------1. Summary:

An updated file package that fixes a security flaw is now available for Red
Hat Enterprise Linux 4 and 5.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64

3. Problem description:

The file command is used to identify a particular file according to the
type of data contained by the file.

The fix for CVE-2007-1536 introduced a new integer underflow flaw in the
file utility. An attacker could create a carefully crafted file which, if
examined by a victim using the file utility, could lead to arbitrary code
execution. (CVE-2007-2799)

This issue did not affect the version of the file utility distributed with
Red Hat Enterprise Linux 2.1 or 3.

Users should upgrade to this erratum package, which contain a backported
patch to correct this issue.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.  

This update is available via Red Hat Network.  Details on how to use 
the Red Hat Network to apply this update are available at

5. Bug IDs fixed (http://bugzilla.redhat.com/):

241022 - CVE-2007-2799 file integer overflow
241026 - CVE-2007-2799 file integer overflow
241027 - CVE-2007-2799 file integer overflow

6. RPMs required:

Red Hat Enterprise Linux AS version 4:

SRPMS:
b965edbfc8969978c85c0523d8d66e86  file-4.10-3.0.2.el4.src.rpm

i386:
75f00f87378cd18b54aedb769f794301  file-4.10-3.0.2.el4.i386.rpm
efdab1d800634966e2e1139ce469d4c2  file-debuginfo-4.10-3.0.2.el4.i386.rpm

ia64:
8783b9863d2ed05c508d92b23503f920  file-4.10-3.0.2.el4.ia64.rpm
c19ef25c3e5a879853ecaab505ff2597  file-debuginfo-4.10-3.0.2.el4.ia64.rpm

ppc:
dd47db6fa389f2ff5928250893a7be8b  file-4.10-3.0.2.el4.ppc.rpm
e0bb1116776232c5ebc2681548dcb7f7  file-debuginfo-4.10-3.0.2.el4.ppc.rpm

s390:
b546e7c44fb7eda2e7be1d1d72433799  file-4.10-3.0.2.el4.s390.rpm
084965a1f9db4bef813eaebf0287f51b  file-debuginfo-4.10-3.0.2.el4.s390.rpm

s390x:
e7f435b24698bc2317dd9b5899cb1b90  file-4.10-3.0.2.el4.s390x.rpm
1fcc1b07f8047f39b7329e444172399a  file-debuginfo-4.10-3.0.2.el4.s390x.rpm

x86_64:
d015b5bc4eb50598633b251145cfc5ad  file-4.10-3.0.2.el4.x86_64.rpm
4e5bff0f6f01ad0920063e59d982ac3b  file-debuginfo-4.10-3.0.2.el4.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

SRPMS:
b965edbfc8969978c85c0523d8d66e86  file-4.10-3.0.2.el4.src.rpm

i386:
75f00f87378cd18b54aedb769f794301  file-4.10-3.0.2.el4.i386.rpm
efdab1d800634966e2e1139ce469d4c2  file-debuginfo-4.10-3.0.2.el4.i386.rpm

x86_64:
d015b5bc4eb50598633b251145cfc5ad  file-4.10-3.0.2.el4.x86_64.rpm
4e5bff0f6f01ad0920063e59d982ac3b  file-debuginfo-4.10-3.0.2.el4.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS:
b965edbfc8969978c85c0523d8d66e86  file-4.10-3.0.2.el4.src.rpm

i386:
75f00f87378cd18b54aedb769f794301  file-4.10-3.0.2.el4.i386.rpm
efdab1d800634966e2e1139ce469d4c2  file-debuginfo-4.10-3.0.2.el4.i386.rpm

ia64:
8783b9863d2ed05c508d92b23503f920  file-4.10-3.0.2.el4.ia64.rpm
c19ef25c3e5a879853ecaab505ff2597  file-debuginfo-4.10-3.0.2.el4.ia64.rpm

x86_64:
d015b5bc4eb50598633b251145cfc5ad  file-4.10-3.0.2.el4.x86_64.rpm
4e5bff0f6f01ad0920063e59d982ac3b  file-debuginfo-4.10-3.0.2.el4.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

SRPMS:
b965edbfc8969978c85c0523d8d66e86  file-4.10-3.0.2.el4.src.rpm

i386:
75f00f87378cd18b54aedb769f794301  file-4.10-3.0.2.el4.i386.rpm
efdab1d800634966e2e1139ce469d4c2  file-debuginfo-4.10-3.0.2.el4.i386.rpm

ia64:
8783b9863d2ed05c508d92b23503f920  file-4.10-3.0.2.el4.ia64.rpm
c19ef25c3e5a879853ecaab505ff2597  file-debuginfo-4.10-3.0.2.el4.ia64.rpm

x86_64:
d015b5bc4eb50598633b251145cfc5ad  file-4.10-3.0.2.el4.x86_64.rpm
4e5bff0f6f01ad0920063e59d982ac3b  file-debuginfo-4.10-3.0.2.el4.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 5 client):

SRPMS:
e5f3056e10d0abf9ab2d4734d2c40df6  file-4.17-9.0.1.el5.src.rpm

i386:
1bca600f3b0de26a2725d6f4e7a72383  file-4.17-9.0.1.el5.i386.rpm
a384f2635a5e6964a3f315d771ff75a4  file-debuginfo-4.17-9.0.1.el5.i386.rpm

x86_64:
1750ba7e71efd10cd3883b2de825f896  file-4.17-9.0.1.el5.x86_64.rpm
3117f2b7873d607da5b0e11e56b3da74  file-debuginfo-4.17-9.0.1.el5.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

SRPMS:
e5f3056e10d0abf9ab2d4734d2c40df6  file-4.17-9.0.1.el5.src.rpm

i386:
1bca600f3b0de26a2725d6f4e7a72383  file-4.17-9.0.1.el5.i386.rpm
a384f2635a5e6964a3f315d771ff75a4  file-debuginfo-4.17-9.0.1.el5.i386.rpm

ia64:
2d7e954147b37218beafcebf771865b3  file-4.17-9.0.1.el5.ia64.rpm
18c9cb33b74bb8c962ca0d8fe08c84da  file-debuginfo-4.17-9.0.1.el5.ia64.rpm

ppc:
8051227058fb32153ce838aea9f36268  file-4.17-9.0.1.el5.ppc.rpm
5d498107c435b67be6f6bf36c214caa4  file-debuginfo-4.17-9.0.1.el5.ppc.rpm

s390x:
d9ccaf596792a8487e1ef137cb6db3f3  file-4.17-9.0.1.el5.s390x.rpm
ded763b43e263cb6b9b8b99ff9a99ff9  file-debuginfo-4.17-9.0.1.el5.s390x.rpm

x86_64:
1750ba7e71efd10cd3883b2de825f896  file-4.17-9.0.1.el5.x86_64.rpm
3117f2b7873d607da5b0e11e56b3da74  file-debuginfo-4.17-9.0.1.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2799
http://www.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is .  More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2007 Red Hat, Inc.

RedHat: Moderate: file security update

An updated file package that fixes a security flaw is now available for Red Hat Enterprise Linux 4 and 5.The fix for CVE-2007-1536 introduced a new integer underflow flaw in the f...

Summary



Summary

The file command is used to identify a particular file according to the type of data contained by the file. The fix for CVE-2007-1536 introduced a new integer underflow flaw in the file utility. An attacker could create a carefully crafted file which, if examined by a victim using the file utility, could lead to arbitrary code execution. (CVE-2007-2799) This issue did not affect the version of the file utility distributed with Red Hat Enterprise Linux 2.1 or 3. Users should upgrade to this erratum package, which contain a backported patch to correct this issue.


Solution

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.
This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at
5. Bug IDs fixed (http://bugzilla.redhat.com/):
241022 - CVE-2007-2799 file integer overflow 241026 - CVE-2007-2799 file integer overflow 241027 - CVE-2007-2799 file integer overflow
6. RPMs required:
Red Hat Enterprise Linux AS version 4:
SRPMS: b965edbfc8969978c85c0523d8d66e86 file-4.10-3.0.2.el4.src.rpm
i386: 75f00f87378cd18b54aedb769f794301 file-4.10-3.0.2.el4.i386.rpm efdab1d800634966e2e1139ce469d4c2 file-debuginfo-4.10-3.0.2.el4.i386.rpm
ia64: 8783b9863d2ed05c508d92b23503f920 file-4.10-3.0.2.el4.ia64.rpm c19ef25c3e5a879853ecaab505ff2597 file-debuginfo-4.10-3.0.2.el4.ia64.rpm
ppc: dd47db6fa389f2ff5928250893a7be8b file-4.10-3.0.2.el4.ppc.rpm e0bb1116776232c5ebc2681548dcb7f7 file-debuginfo-4.10-3.0.2.el4.ppc.rpm
s390: b546e7c44fb7eda2e7be1d1d72433799 file-4.10-3.0.2.el4.s390.rpm 084965a1f9db4bef813eaebf0287f51b file-debuginfo-4.10-3.0.2.el4.s390.rpm
s390x: e7f435b24698bc2317dd9b5899cb1b90 file-4.10-3.0.2.el4.s390x.rpm 1fcc1b07f8047f39b7329e444172399a file-debuginfo-4.10-3.0.2.el4.s390x.rpm
x86_64: d015b5bc4eb50598633b251145cfc5ad file-4.10-3.0.2.el4.x86_64.rpm 4e5bff0f6f01ad0920063e59d982ac3b file-debuginfo-4.10-3.0.2.el4.x86_64.rpm
Red Hat Enterprise Linux Desktop version 4:
SRPMS: b965edbfc8969978c85c0523d8d66e86 file-4.10-3.0.2.el4.src.rpm
i386: 75f00f87378cd18b54aedb769f794301 file-4.10-3.0.2.el4.i386.rpm efdab1d800634966e2e1139ce469d4c2 file-debuginfo-4.10-3.0.2.el4.i386.rpm
x86_64: d015b5bc4eb50598633b251145cfc5ad file-4.10-3.0.2.el4.x86_64.rpm 4e5bff0f6f01ad0920063e59d982ac3b file-debuginfo-4.10-3.0.2.el4.x86_64.rpm
Red Hat Enterprise Linux ES version 4:
SRPMS: b965edbfc8969978c85c0523d8d66e86 file-4.10-3.0.2.el4.src.rpm
i386: 75f00f87378cd18b54aedb769f794301 file-4.10-3.0.2.el4.i386.rpm efdab1d800634966e2e1139ce469d4c2 file-debuginfo-4.10-3.0.2.el4.i386.rpm
ia64: 8783b9863d2ed05c508d92b23503f920 file-4.10-3.0.2.el4.ia64.rpm c19ef25c3e5a879853ecaab505ff2597 file-debuginfo-4.10-3.0.2.el4.ia64.rpm
x86_64: d015b5bc4eb50598633b251145cfc5ad file-4.10-3.0.2.el4.x86_64.rpm 4e5bff0f6f01ad0920063e59d982ac3b file-debuginfo-4.10-3.0.2.el4.x86_64.rpm
Red Hat Enterprise Linux WS version 4:
SRPMS: b965edbfc8969978c85c0523d8d66e86 file-4.10-3.0.2.el4.src.rpm
i386: 75f00f87378cd18b54aedb769f794301 file-4.10-3.0.2.el4.i386.rpm efdab1d800634966e2e1139ce469d4c2 file-debuginfo-4.10-3.0.2.el4.i386.rpm
ia64: 8783b9863d2ed05c508d92b23503f920 file-4.10-3.0.2.el4.ia64.rpm c19ef25c3e5a879853ecaab505ff2597 file-debuginfo-4.10-3.0.2.el4.ia64.rpm
x86_64: d015b5bc4eb50598633b251145cfc5ad file-4.10-3.0.2.el4.x86_64.rpm 4e5bff0f6f01ad0920063e59d982ac3b file-debuginfo-4.10-3.0.2.el4.x86_64.rpm
Red Hat Enterprise Linux Desktop (v. 5 client):
SRPMS: e5f3056e10d0abf9ab2d4734d2c40df6 file-4.17-9.0.1.el5.src.rpm
i386: 1bca600f3b0de26a2725d6f4e7a72383 file-4.17-9.0.1.el5.i386.rpm a384f2635a5e6964a3f315d771ff75a4 file-debuginfo-4.17-9.0.1.el5.i386.rpm
x86_64: 1750ba7e71efd10cd3883b2de825f896 file-4.17-9.0.1.el5.x86_64.rpm 3117f2b7873d607da5b0e11e56b3da74 file-debuginfo-4.17-9.0.1.el5.x86_64.rpm
Red Hat Enterprise Linux (v. 5 server):
SRPMS: e5f3056e10d0abf9ab2d4734d2c40df6 file-4.17-9.0.1.el5.src.rpm
i386: 1bca600f3b0de26a2725d6f4e7a72383 file-4.17-9.0.1.el5.i386.rpm a384f2635a5e6964a3f315d771ff75a4 file-debuginfo-4.17-9.0.1.el5.i386.rpm
ia64: 2d7e954147b37218beafcebf771865b3 file-4.17-9.0.1.el5.ia64.rpm 18c9cb33b74bb8c962ca0d8fe08c84da file-debuginfo-4.17-9.0.1.el5.ia64.rpm
ppc: 8051227058fb32153ce838aea9f36268 file-4.17-9.0.1.el5.ppc.rpm 5d498107c435b67be6f6bf36c214caa4 file-debuginfo-4.17-9.0.1.el5.ppc.rpm
s390x: d9ccaf596792a8487e1ef137cb6db3f3 file-4.17-9.0.1.el5.s390x.rpm ded763b43e263cb6b9b8b99ff9a99ff9 file-debuginfo-4.17-9.0.1.el5.s390x.rpm
x86_64: 1750ba7e71efd10cd3883b2de825f896 file-4.17-9.0.1.el5.x86_64.rpm 3117f2b7873d607da5b0e11e56b3da74 file-debuginfo-4.17-9.0.1.el5.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2799 http://www.redhat.com/security/updates/classification/#moderate

Package List


Severity
Advisory ID: RHSA-2007:0391-01
Advisory URL: https://access.redhat.com/errata/RHSA-2007:0391.html
Issued Date: : 2007-05-30
Updated on: 2007-05-30
Product: Red Hat Enterprise Linux
CVE Names: CVE-2007-2799 An updated file package that fixes a security flaw is now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team.

Topic


Topic


 

Relevant Releases Architectures

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64

Red Hat Enterprise Linux Desktop version 4 - i386, x86_64

Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64

Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64

Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64


Bugs Fixed


Related News

5.ShakingHands Esm H320
2 - 3 min read
At The Linux Foundation's Open Source Summit North America , Linus Torvalds, the creator of Linux, discussed various topics related to Linux
30.Lock Globe Motherboard Esm H320
1 - 2 min read
The SPDX 3.0 release marks a significant milestone in software management, particularly for Linux admins, infosec professionals, internet security
11.Locks IsometricPattern Esm H320
2 - 3 min read
Open Source maintainers and developers have been warned about the continued wave of attacks aimed at project maintainers similar to those recently
28.Lock Globe Esm H320
1 - 2 min read
A resurgence of cyberattacks targeting Linux systems in Asian campaigns through the utilization of the Pupy Remote Access Trojan (RAT) has been
27.Tablet Connections Blocks Lock Esm H320
2 - 4 min read
Canonical has recently announced the Beta release of Ubuntu Linux 24.04 LTS , codenamed "Noble Numbat." This release aims to continue Ubuntu's
21.Globe RadiatingCode Esm H320
2 - 3 min read
The open-source movement has come a long way, from its origins in the 1960s and 1970s to becoming an integral part of organizations worldwide.
13.Lock StylizedMotherboard Esm H320
2 - 3 min read
The Rust-based Edera project demonstrates a unique approach to container security that addresses cloud-native computing challenges. Let's examine
8.Locks HexConnections CodeGlobe Esm H320
2 - 3 min read
Canonical has launched Ubuntu Pro for Devices , a comprehensive offering emphasizing security and compliance for IoT device deployments. This
Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved