-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2012:035 http://www.mandriva.com/security/ _______________________________________________________________________ Package : file Date : March 23, 2012 Affected: 2010.1, 2011. _______________________________________________________________________ Problem Description: Multiple out-of heap-based buffer read flaws and invalid pointer dereference flaws were found in the way file, utility for determining of file types processed header section for certain Composite Document Format (CDF) files. A remote attacker could provide a specially-crafted CDF file, which once inspected by the file utility of the victim would lead to file executable crash (CVE-2012-1571). The updated packages for Mandriva Linux 2011 have been upgraded to the 5.11 version and the packages for Mandriva Linux 2010.2 has been patched to correct these issues. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1571 https://bugzilla.redhat.com/show_bug.cgi?id=805197 _______________________________________________________________________ Updated Packages: Mandriva Linux 2010.1: e046dbf91442caf99cd290e961a1e79a 2010.1/i586/file-5.04-1.1mdv2010.2.i586.rpm 5f72f9a498c491ccf2b3955dec5a1b5e 2010.1/i586/libmagic1-5.04-1.1mdv2010.2.i586.rpm efd9c51f04d9b8d519d38a4be1b76454 2010.1/i586/libmagic-devel-5.04-1.1mdv2010.2.i586.rpm b8494a53e6c4abdd2a58c7649ee846e7 2010.1/i586/libmagic-static-devel-5.04-1.1mdv2010.2.i586.rpm af41a4b8feeefe7b4f9764a03b708a43 2010.1/i586/python-magic-5.04-1.1mdv2010.2.i586.rpm a89ec9ac28ca4a816cf02eb1825e5a6d 2010.1/SRPMS/file-5.04-1.1mdv2010.2.src.rpm Mandriva Linux 2010.1/X86_64: c36525b412c19ecf99e87fcea61a3a8c 2010.1/x86_64/file-5.04-1.1mdv2010.2.x86_64.rpm a06b3d7a197cf7ecbe813707b9bf2e55 2010.1/x86_64/lib64magic1-5.04-1.1mdv2010.2.x86_64.rpm df2c67277315cd9ae824ef9c59e76749 2010.1/x86_64/lib64magic-devel-5.04-1.1mdv2010.2.x86_64.rpm b0d4dc2225784a9d429cb320d87b3d0a 2010.1/x86_64/lib64magic-static-devel-5.04-1.1mdv2010.2.x86_64.rpm 8764173bcea21d3a0d9b5615b4cd6bab 2010.1/x86_64/python-magic-5.04-1.1mdv2010.2.x86_64.rpm a89ec9ac28ca4a816cf02eb1825e5a6d 2010.1/SRPMS/file-5.04-1.1mdv2010.2.src.rpm Mandriva Linux 2011: 298efc833458e23dfd38f0a4c3cb9dbb 2011/i586/file-5.11-0.1-mdv2011.0.i586.rpm 7909224e6bce5c69b13be4024bff4a6c 2011/i586/libmagic1-5.11-0.1-mdv2011.0.i586.rpm 8dccc3c54ed4728ab9df9165688c3aae 2011/i586/libmagic-devel-5.11-0.1-mdv2011.0.i586.rpm a2a0629cbb54d7a657804d349f8fd2f2 2011/i586/libmagic-static-devel-5.11-0.1-mdv2011.0.i586.rpm 3fdd1a77e7b0875f7ee2068627f7faec 2011/i586/python-magic-5.11-0.1-mdv2011.0.noarch.rpm c23e3d320554ae075205852bac0e59c7 2011/SRPMS/file-5.11-0.1.src.rpm Mandriva Linux 2011/X86_64: 8d99a914447368e9140a27844b6b11fe 2011/x86_64/file-5.11-0.1-mdv2011.0.x86_64.rpm c901a5e0481679963703a00891dd1d21 2011/x86_64/lib64magic1-5.11-0.1-mdv2011.0.x86_64.rpm 031ec6b0251917c1db595755f76f6907 2011/x86_64/lib64magic-devel-5.11-0.1-mdv2011.0.x86_64.rpm 2dfc40f0bd492ffa774d537b39c84804 2011/x86_64/lib64magic-static-devel-5.11-0.1-mdv2011.0.x86_64.rpm 8bc70f25f615e9d99ddcb40bf13170af 2011/x86_64/python-magic-5.11-0.1-mdv2011.0.noarch.rpm c23e3d320554ae075205852bac0e59c7 2011/SRPMS/file-5.11-0.1.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iD8DBQFPbCf/mqjQ0CJFipgRAiraAJ44830vfqeFe6SsUZDKdZkVB38/1QCeMnyW QbkEsCQe2OpXniXazJbwitY= =CNeb -----END PGP SIGNATURE-----