Mandriva Linux Security Advisory 2012-035 - Multiple out-of heap-based buffer read flaws and invalid pointer dereference flaws were found in the way file, utility for determining of file types processed header section for certain Composite Document Format files. A remote attacker could provide a specially-crafted CDF file, which once inspected by the file utility of the victim would lead to file executable crash. The updated packages for Mandriva Linux 2011 have been upgraded to the 5.11 version and the packages for Mandriva Linux 2010.2 has been patched to correct these issues.
4047982958ece3e56808e6732bee8a5b66fdecf385ac7aecc0043d63cb942a06
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2012:035
http://www.mandriva.com/security/
_______________________________________________________________________
Package : file
Date : March 23, 2012
Affected: 2010.1, 2011.
_______________________________________________________________________
Problem Description:
Multiple out-of heap-based buffer read flaws and invalid pointer
dereference flaws were found in the way file, utility for determining
of file types processed header section for certain Composite Document
Format (CDF) files. A remote attacker could provide a specially-crafted
CDF file, which once inspected by the file utility of the victim
would lead to file executable crash (CVE-2012-1571).
The updated packages for Mandriva Linux 2011 have been upgraded to
the 5.11 version and the packages for Mandriva Linux 2010.2 has been
patched to correct these issues.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1571
https://bugzilla.redhat.com/show_bug.cgi?id=805197
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2010.1:
e046dbf91442caf99cd290e961a1e79a 2010.1/i586/file-5.04-1.1mdv2010.2.i586.rpm
5f72f9a498c491ccf2b3955dec5a1b5e 2010.1/i586/libmagic1-5.04-1.1mdv2010.2.i586.rpm
efd9c51f04d9b8d519d38a4be1b76454 2010.1/i586/libmagic-devel-5.04-1.1mdv2010.2.i586.rpm
b8494a53e6c4abdd2a58c7649ee846e7 2010.1/i586/libmagic-static-devel-5.04-1.1mdv2010.2.i586.rpm
af41a4b8feeefe7b4f9764a03b708a43 2010.1/i586/python-magic-5.04-1.1mdv2010.2.i586.rpm
a89ec9ac28ca4a816cf02eb1825e5a6d 2010.1/SRPMS/file-5.04-1.1mdv2010.2.src.rpm
Mandriva Linux 2010.1/X86_64:
c36525b412c19ecf99e87fcea61a3a8c 2010.1/x86_64/file-5.04-1.1mdv2010.2.x86_64.rpm
a06b3d7a197cf7ecbe813707b9bf2e55 2010.1/x86_64/lib64magic1-5.04-1.1mdv2010.2.x86_64.rpm
df2c67277315cd9ae824ef9c59e76749 2010.1/x86_64/lib64magic-devel-5.04-1.1mdv2010.2.x86_64.rpm
b0d4dc2225784a9d429cb320d87b3d0a 2010.1/x86_64/lib64magic-static-devel-5.04-1.1mdv2010.2.x86_64.rpm
8764173bcea21d3a0d9b5615b4cd6bab 2010.1/x86_64/python-magic-5.04-1.1mdv2010.2.x86_64.rpm
a89ec9ac28ca4a816cf02eb1825e5a6d 2010.1/SRPMS/file-5.04-1.1mdv2010.2.src.rpm
Mandriva Linux 2011:
298efc833458e23dfd38f0a4c3cb9dbb 2011/i586/file-5.11-0.1-mdv2011.0.i586.rpm
7909224e6bce5c69b13be4024bff4a6c 2011/i586/libmagic1-5.11-0.1-mdv2011.0.i586.rpm
8dccc3c54ed4728ab9df9165688c3aae 2011/i586/libmagic-devel-5.11-0.1-mdv2011.0.i586.rpm
a2a0629cbb54d7a657804d349f8fd2f2 2011/i586/libmagic-static-devel-5.11-0.1-mdv2011.0.i586.rpm
3fdd1a77e7b0875f7ee2068627f7faec 2011/i586/python-magic-5.11-0.1-mdv2011.0.noarch.rpm
c23e3d320554ae075205852bac0e59c7 2011/SRPMS/file-5.11-0.1.src.rpm
Mandriva Linux 2011/X86_64:
8d99a914447368e9140a27844b6b11fe 2011/x86_64/file-5.11-0.1-mdv2011.0.x86_64.rpm
c901a5e0481679963703a00891dd1d21 2011/x86_64/lib64magic1-5.11-0.1-mdv2011.0.x86_64.rpm
031ec6b0251917c1db595755f76f6907 2011/x86_64/lib64magic-devel-5.11-0.1-mdv2011.0.x86_64.rpm
2dfc40f0bd492ffa774d537b39c84804 2011/x86_64/lib64magic-static-devel-5.11-0.1-mdv2011.0.x86_64.rpm
8bc70f25f615e9d99ddcb40bf13170af 2011/x86_64/python-magic-5.11-0.1-mdv2011.0.noarch.rpm
c23e3d320554ae075205852bac0e59c7 2011/SRPMS/file-5.11-0.1.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iD8DBQFPbCf/mqjQ0CJFipgRAiraAJ44830vfqeFe6SsUZDKdZkVB38/1QCeMnyW
QbkEsCQe2OpXniXazJbwitY=
=CNeb
-----END PGP SIGNATURE-----