what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

Mandriva Linux Security Advisory 2012-035

Mandriva Linux Security Advisory 2012-035
Posted Mar 23, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-035 - Multiple out-of heap-based buffer read flaws and invalid pointer dereference flaws were found in the way file, utility for determining of file types processed header section for certain Composite Document Format files. A remote attacker could provide a specially-crafted CDF file, which once inspected by the file utility of the victim would lead to file executable crash. The updated packages for Mandriva Linux 2011 have been upgraded to the 5.11 version and the packages for Mandriva Linux 2010.2 has been patched to correct these issues.

tags | advisory, remote
systems | linux, mandriva
advisories | CVE-2012-1571
SHA-256 | 4047982958ece3e56808e6732bee8a5b66fdecf385ac7aecc0043d63cb942a06

Mandriva Linux Security Advisory 2012-035

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2012:035
http://www.mandriva.com/security/
_______________________________________________________________________

Package : file
Date : March 23, 2012
Affected: 2010.1, 2011.
_______________________________________________________________________

Problem Description:

Multiple out-of heap-based buffer read flaws and invalid pointer
dereference flaws were found in the way file, utility for determining
of file types processed header section for certain Composite Document
Format (CDF) files. A remote attacker could provide a specially-crafted
CDF file, which once inspected by the file utility of the victim
would lead to file executable crash (CVE-2012-1571).

The updated packages for Mandriva Linux 2011 have been upgraded to
the 5.11 version and the packages for Mandriva Linux 2010.2 has been
patched to correct these issues.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1571
https://bugzilla.redhat.com/show_bug.cgi?id=805197
_______________________________________________________________________

Updated Packages:

Mandriva Linux 2010.1:
e046dbf91442caf99cd290e961a1e79a 2010.1/i586/file-5.04-1.1mdv2010.2.i586.rpm
5f72f9a498c491ccf2b3955dec5a1b5e 2010.1/i586/libmagic1-5.04-1.1mdv2010.2.i586.rpm
efd9c51f04d9b8d519d38a4be1b76454 2010.1/i586/libmagic-devel-5.04-1.1mdv2010.2.i586.rpm
b8494a53e6c4abdd2a58c7649ee846e7 2010.1/i586/libmagic-static-devel-5.04-1.1mdv2010.2.i586.rpm
af41a4b8feeefe7b4f9764a03b708a43 2010.1/i586/python-magic-5.04-1.1mdv2010.2.i586.rpm
a89ec9ac28ca4a816cf02eb1825e5a6d 2010.1/SRPMS/file-5.04-1.1mdv2010.2.src.rpm

Mandriva Linux 2010.1/X86_64:
c36525b412c19ecf99e87fcea61a3a8c 2010.1/x86_64/file-5.04-1.1mdv2010.2.x86_64.rpm
a06b3d7a197cf7ecbe813707b9bf2e55 2010.1/x86_64/lib64magic1-5.04-1.1mdv2010.2.x86_64.rpm
df2c67277315cd9ae824ef9c59e76749 2010.1/x86_64/lib64magic-devel-5.04-1.1mdv2010.2.x86_64.rpm
b0d4dc2225784a9d429cb320d87b3d0a 2010.1/x86_64/lib64magic-static-devel-5.04-1.1mdv2010.2.x86_64.rpm
8764173bcea21d3a0d9b5615b4cd6bab 2010.1/x86_64/python-magic-5.04-1.1mdv2010.2.x86_64.rpm
a89ec9ac28ca4a816cf02eb1825e5a6d 2010.1/SRPMS/file-5.04-1.1mdv2010.2.src.rpm

Mandriva Linux 2011:
298efc833458e23dfd38f0a4c3cb9dbb 2011/i586/file-5.11-0.1-mdv2011.0.i586.rpm
7909224e6bce5c69b13be4024bff4a6c 2011/i586/libmagic1-5.11-0.1-mdv2011.0.i586.rpm
8dccc3c54ed4728ab9df9165688c3aae 2011/i586/libmagic-devel-5.11-0.1-mdv2011.0.i586.rpm
a2a0629cbb54d7a657804d349f8fd2f2 2011/i586/libmagic-static-devel-5.11-0.1-mdv2011.0.i586.rpm
3fdd1a77e7b0875f7ee2068627f7faec 2011/i586/python-magic-5.11-0.1-mdv2011.0.noarch.rpm
c23e3d320554ae075205852bac0e59c7 2011/SRPMS/file-5.11-0.1.src.rpm

Mandriva Linux 2011/X86_64:
8d99a914447368e9140a27844b6b11fe 2011/x86_64/file-5.11-0.1-mdv2011.0.x86_64.rpm
c901a5e0481679963703a00891dd1d21 2011/x86_64/lib64magic1-5.11-0.1-mdv2011.0.x86_64.rpm
031ec6b0251917c1db595755f76f6907 2011/x86_64/lib64magic-devel-5.11-0.1-mdv2011.0.x86_64.rpm
2dfc40f0bd492ffa774d537b39c84804 2011/x86_64/lib64magic-static-devel-5.11-0.1-mdv2011.0.x86_64.rpm
8bc70f25f615e9d99ddcb40bf13170af 2011/x86_64/python-magic-5.11-0.1-mdv2011.0.noarch.rpm
c23e3d320554ae075205852bac0e59c7 2011/SRPMS/file-5.11-0.1.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iD8DBQFPbCf/mqjQ0CJFipgRAiraAJ44830vfqeFe6SsUZDKdZkVB38/1QCeMnyW
QbkEsCQe2OpXniXazJbwitY=
=CNeb
-----END PGP SIGNATURE-----
Login or Register to add favorites

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close