Debian alert DLA-1969-1 (file)

From:
             
 
Thorsten Alteholz <debian@alteholz.de> 
To:
             
 
debian-lts-announce@lists.debian.org 
Subject:
             
 
[SECURITY] [DLA 1969-1] file security update 
Date:
             
 
Wed, 23 Oct 2019 22:22:14 +0200 (CEST)
Message-ID:
             
 
<alpine.DEB.2.20.1910232221230.15216@jupiter.server.alteholz.net>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : file
Version        : 1:5.22+15-2+deb8u6
CVE ID         : CVE-2019-18218


An issue has been found in file, a tool to determine file types by using 
magic numbers.

The number of CDF_VECTOR elements had to be restricted in order to prevent 
a heap-based buffer overflow (4-byte out-of-bounds write).


For Debian 8 "Jessie", this problem has been fixed in version
1:5.22+15-2+deb8u6.

We recommend that you upgrade your file packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAl2wtndfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy
MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcACgkQlvysDTh7
WEeJ0A//ccJGz9pbo1l7+SOx/XZ1UjaIqsGnfJl15o/b+846hH/JFRrQAavnF9Hk
0M78N554wXCq9sfcv95DdI9o1bQa3Zp9QiUpYWzHt1AdZGtYv4aoGULZHxgecWxE
YIa2aBWD1pOQVC6fOPqEximgpnByPoHDVpihQuMPBMvUvJz9yck+mbWKB7EIyRZ3
fZarjArOJvvKFToujKP+cB+4IdC9E1CvFxLHRF77yzT0kfhhKl4Sdwi+6igeLJ5g
aAHtxMoveWcvU5PLuun9yzMi9ZlLa1wiSgniMiU/ATCxUD+SP8bMXXtK7+/q3uCR
lEJZHAwDovK4dmsWexZD5gXA3P/1iKT3hJ/RQnGZzqu5IlGTTOqSvNmEMgenqDhZ
2YJfOoHHiFDfmChQhb6eXE0wb071zuGH9GlQCKDfOWbcHVQhm3wecthvDJu0qVNt
ZSnr2usfKaoSPjT3dnl7mQPSemGJdCU+c2SbBavXCuo+7/kBY4MV9yMjMyQiNY45
xo6VdvFX5zSEOGyRyC3yl3sLs4gjz0Tc3L3wZ9ecdP7P03EXoM0PHy+1KqyNGHzC
/MCTUnzwLTv2OIM08s5ruynE5wwOyyEPNE+JUzyTj722bNvtr4s5xYSKFfliYg/i
NcQI0JC6xxCA2SykGcgB3Rsy/mQcRI8q5Oe25eSC5h6d8yyezcc=
=Ttww
-----END PGP SIGNATURE-----