Debian Security Advisory
DSA-3965-1 file -- security update
- Date Reported:
- 05 Sep 2017
- Affected Packages:
- file
- Vulnerable:
- Yes
- Security database references:
- In Mitre's CVE dictionary: CVE-2017-1000249.
- More information:
-
Thomas Jarosch discovered a stack-based buffer overflow flaw in file, a file type classification tool, which may result in denial of service if an ELF binary with a specially crafted .notes section is processed.
For the stable distribution (stretch), this problem has been fixed in version 1:5.30-1+deb9u1.
For the unstable distribution (sid), this problem has been fixed in version 1:5.32-1.
We recommend that you upgrade your file packages.