Security Advisory Moderate: file security update

Advisory: RHSA-2007:0391-3
Type: Security Advisory
Severity: Moderate
Issued on: 2007-05-30
Last updated on: 2007-05-30
Affected Products: Red Hat Desktop (v. 4)
Red Hat Enterprise Linux (v. 5 server)
Red Hat Enterprise Linux AS (v. 4)
Red Hat Enterprise Linux AS (v. 4.5.z)
Red Hat Enterprise Linux Desktop (v. 5 client)
Red Hat Enterprise Linux ES (v. 4)
Red Hat Enterprise Linux ES (v. 4.5.z)
Red Hat Enterprise Linux WS (v. 4)
CVEs (cve.mitre.org): CVE-2007-2799

Details

An updated file package that fixes a security flaw is now available for Red
Hat Enterprise Linux 4 and 5.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

The file command is used to identify a particular file according to the
type of data contained by the file.

The fix for CVE-2007-1536 introduced a new integer underflow flaw in the
file utility. An attacker could create a carefully crafted file which, if
examined by a victim using the file utility, could lead to arbitrary code
execution. (CVE-2007-2799)

This issue did not affect the version of the file utility distributed with
Red Hat Enterprise Linux 2.1 or 3.

Users should upgrade to this erratum package, which contains a backported
patch to correct this issue.


Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

Updated packages

Red Hat Desktop (v. 4)

SRPMS:
file-4.10-3.0.2.el4.src.rpm
File outdated by:  RHBA-2010:0783
    MD5: b965edbfc8969978c85c0523d8d66e86
 
IA-32:
file-4.10-3.0.2.el4.i386.rpm
File outdated by:  RHBA-2010:0783
    MD5: 75f00f87378cd18b54aedb769f794301
 
x86_64:
file-4.10-3.0.2.el4.x86_64.rpm
File outdated by:  RHBA-2010:0783
    MD5: d015b5bc4eb50598633b251145cfc5ad
 
Red Hat Enterprise Linux (v. 5 server)

SRPMS:
file-4.17-9.0.1.el5.src.rpm
File outdated by:  RHBA-2012:1029
    MD5: e5f3056e10d0abf9ab2d4734d2c40df6
 
IA-32:
file-4.17-9.0.1.el5.i386.rpm
File outdated by:  RHBA-2012:1029
    MD5: 1bca600f3b0de26a2725d6f4e7a72383
 
IA-64:
file-4.17-9.0.1.el5.ia64.rpm
File outdated by:  RHBA-2012:1029
    MD5: 2d7e954147b37218beafcebf771865b3
 
PPC:
file-4.17-9.0.1.el5.ppc.rpm
File outdated by:  RHBA-2012:1029
    MD5: 8051227058fb32153ce838aea9f36268
 
s390x:
file-4.17-9.0.1.el5.s390x.rpm
File outdated by:  RHBA-2012:1029
    MD5: d9ccaf596792a8487e1ef137cb6db3f3
 
x86_64:
file-4.17-9.0.1.el5.x86_64.rpm
File outdated by:  RHBA-2012:1029
    MD5: 1750ba7e71efd10cd3883b2de825f896
 
Red Hat Enterprise Linux AS (v. 4)

SRPMS:
file-4.10-3.0.2.el4.src.rpm
File outdated by:  RHBA-2010:0783
    MD5: b965edbfc8969978c85c0523d8d66e86
 
IA-32:
file-4.10-3.0.2.el4.i386.rpm
File outdated by:  RHBA-2010:0783
    MD5: 75f00f87378cd18b54aedb769f794301
 
IA-64:
file-4.10-3.0.2.el4.ia64.rpm
File outdated by:  RHBA-2010:0783
    MD5: 8783b9863d2ed05c508d92b23503f920
 
PPC:
file-4.10-3.0.2.el4.ppc.rpm
File outdated by:  RHBA-2010:0783
    MD5: dd47db6fa389f2ff5928250893a7be8b
 
s390:
file-4.10-3.0.2.el4.s390.rpm
File outdated by:  RHBA-2010:0783
    MD5: b546e7c44fb7eda2e7be1d1d72433799
 
s390x:
file-4.10-3.0.2.el4.s390x.rpm
File outdated by:  RHBA-2010:0783
    MD5: e7f435b24698bc2317dd9b5899cb1b90
 
x86_64:
file-4.10-3.0.2.el4.x86_64.rpm
File outdated by:  RHBA-2010:0783
    MD5: d015b5bc4eb50598633b251145cfc5ad
 
Red Hat Enterprise Linux AS (v. 4.5.z)

SRPMS:
file-4.10-3.0.2.el4.src.rpm
File outdated by:  RHBA-2010:0783
    MD5: b965edbfc8969978c85c0523d8d66e86
 
IA-32:
file-4.10-3.0.2.el4.i386.rpm     MD5: 75f00f87378cd18b54aedb769f794301
 
IA-64:
file-4.10-3.0.2.el4.ia64.rpm     MD5: 8783b9863d2ed05c508d92b23503f920
 
PPC:
file-4.10-3.0.2.el4.ppc.rpm     MD5: dd47db6fa389f2ff5928250893a7be8b
 
s390:
file-4.10-3.0.2.el4.s390.rpm     MD5: b546e7c44fb7eda2e7be1d1d72433799
 
s390x:
file-4.10-3.0.2.el4.s390x.rpm     MD5: e7f435b24698bc2317dd9b5899cb1b90
 
x86_64:
file-4.10-3.0.2.el4.x86_64.rpm     MD5: d015b5bc4eb50598633b251145cfc5ad
 
Red Hat Enterprise Linux Desktop (v. 5 client)

SRPMS:
file-4.17-9.0.1.el5.src.rpm
File outdated by:  RHBA-2012:1029
    MD5: e5f3056e10d0abf9ab2d4734d2c40df6
 
IA-32:
file-4.17-9.0.1.el5.i386.rpm
File outdated by:  RHBA-2012:1029
    MD5: 1bca600f3b0de26a2725d6f4e7a72383
 
x86_64:
file-4.17-9.0.1.el5.x86_64.rpm
File outdated by:  RHBA-2012:1029
    MD5: 1750ba7e71efd10cd3883b2de825f896
 
Red Hat Enterprise Linux ES (v. 4)

SRPMS:
file-4.10-3.0.2.el4.src.rpm
File outdated by:  RHBA-2010:0783
    MD5: b965edbfc8969978c85c0523d8d66e86
 
IA-32:
file-4.10-3.0.2.el4.i386.rpm
File outdated by:  RHBA-2010:0783
    MD5: 75f00f87378cd18b54aedb769f794301
 
IA-64:
file-4.10-3.0.2.el4.ia64.rpm
File outdated by:  RHBA-2010:0783
    MD5: 8783b9863d2ed05c508d92b23503f920
 
x86_64:
file-4.10-3.0.2.el4.x86_64.rpm
File outdated by:  RHBA-2010:0783
    MD5: d015b5bc4eb50598633b251145cfc5ad
 
Red Hat Enterprise Linux ES (v. 4.5.z)

SRPMS:
file-4.10-3.0.2.el4.src.rpm
File outdated by:  RHBA-2010:0783
    MD5: b965edbfc8969978c85c0523d8d66e86
 
IA-32:
file-4.10-3.0.2.el4.i386.rpm     MD5: 75f00f87378cd18b54aedb769f794301
 
IA-64:
file-4.10-3.0.2.el4.ia64.rpm     MD5: 8783b9863d2ed05c508d92b23503f920
 
x86_64:
file-4.10-3.0.2.el4.x86_64.rpm     MD5: d015b5bc4eb50598633b251145cfc5ad
 
Red Hat Enterprise Linux WS (v. 4)

SRPMS:
file-4.10-3.0.2.el4.src.rpm
File outdated by:  RHBA-2010:0783
    MD5: b965edbfc8969978c85c0523d8d66e86
 
IA-32:
file-4.10-3.0.2.el4.i386.rpm
File outdated by:  RHBA-2010:0783
    MD5: 75f00f87378cd18b54aedb769f794301
 
IA-64:
file-4.10-3.0.2.el4.ia64.rpm
File outdated by:  RHBA-2010:0783
    MD5: 8783b9863d2ed05c508d92b23503f920
 
x86_64:
file-4.10-3.0.2.el4.x86_64.rpm
File outdated by:  RHBA-2010:0783
    MD5: d015b5bc4eb50598633b251145cfc5ad
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

241022 - CVE-2007-2799 file integer overflow
241026 - CVE-2007-2799 file integer overflow
241027 - CVE-2007-2799 file integer overflow


These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/