USN-3911-2: file regression

13 May 2020

USN-3911-1 introduced a regression in file.

Reduce your security exposure

Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.

Learn more about Ubuntu Pro

Releases

Packages

  • file - Tool to determine file types

Details

USN-3911-1 fixed vulnerabilities in file. One of the backported security
fixes introduced a regression that caused the interpreter string to be
truncated. This update fixes the problem.

We apologize for the inconvenience.

Original advisory details:

It was discovered that file incorrectly handled certain malformed ELF
files. An attacker could use this issue to cause a denial of service, or
possibly execute arbitrary code.

Reduce your security exposure

Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.

Learn more about Ubuntu Pro

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 18.04
Ubuntu 16.04

In general, a standard system update will make all the necessary changes.