-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDKSA-2007:067 http://www.mandriva.com/security/ _______________________________________________________________________ Package : file Date : March 22, 2007 Affected: 2006.0, 2007.0, Corporate 3.0, Corporate 4.0, Multi Network Firewall 2.0 _______________________________________________________________________ Problem Description: Jean-Sebastien Guay-Leroux discovered an integer underflow in the file_printf() function in file prior to 4.20 that allows user-assisted attackers to execute arbitrary code via a file that triggers a heap-based buffer overflow. Updated packages have been patched to address this issue. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1536 _______________________________________________________________________ Updated Packages: Mandriva Linux 2006.0: 6776fdab0b30ff408291c8b60eaa5914 2006.0/i586/file-4.14-2.2.20060mdk.i586.rpm de3e126e2309c381967c83ee00a1549f 2006.0/i586/libmagic1-4.14-2.2.20060mdk.i586.rpm 76d7885a0646fc3f4ccefa2d1f39c52d 2006.0/i586/libmagic1-devel-4.14-2.2.20060mdk.i586.rpm d9b880001c57222a32d3ee7983bbe41d 2006.0/i586/libmagic1-static-devel-4.14-2.2.20060mdk.i586.rpm faf0311fd9add5ab90fd4794d458d5df 2006.0/SRPMS/file-4.14-2.2.20060mdk.src.rpm Mandriva Linux 2006.0/X86_64: 778972de9f0b948065e3a740762335ea 2006.0/x86_64/file-4.14-2.2.20060mdk.x86_64.rpm d198f2b7b93b6453927cfb82ebd7be03 2006.0/x86_64/lib64magic1-4.14-2.2.20060mdk.x86_64.rpm f39321c70228c4720d7839d23bd4f257 2006.0/x86_64/lib64magic1-devel-4.14-2.2.20060mdk.x86_64.rpm 77672f3f381c93138d4eeb5bf029634b 2006.0/x86_64/lib64magic1-static-devel-4.14-2.2.20060mdk.x86_64.rpm faf0311fd9add5ab90fd4794d458d5df 2006.0/SRPMS/file-4.14-2.2.20060mdk.src.rpm Mandriva Linux 2007.0: 051e3ba9cc68605b812ee7b49db6912e 2007.0/i586/file-4.17-2.1mdv2007.0.i586.rpm df3c8c4fa46b317a6d82b58b2645af06 2007.0/i586/libmagic1-4.17-2.1mdv2007.0.i586.rpm 3b89edfb298db832a00bdc8004050c70 2007.0/i586/libmagic1-devel-4.17-2.1mdv2007.0.i586.rpm ab34afc24bba86ba683a07a829c291ce 2007.0/i586/libmagic1-static-devel-4.17-2.1mdv2007.0.i586.rpm da97885fa8cef50b1a7197cd3bedda88 2007.0/i586/python-magic-4.17-2.1mdv2007.0.i586.rpm b6711ae1487bff595f23644888a21200 2007.0/SRPMS/file-4.17-2.1mdv2007.0.src.rpm Mandriva Linux 2007.0/X86_64: 92037616ceeb9422321aefcb92b4592d 2007.0/x86_64/file-4.17-2.1mdv2007.0.x86_64.rpm a0714daf434333daf0cc94e793fb2fa5 2007.0/x86_64/lib64magic1-4.17-2.1mdv2007.0.x86_64.rpm ec4d6e8f36c517775544d9b82e1c2c3c 2007.0/x86_64/lib64magic1-devel-4.17-2.1mdv2007.0.x86_64.rpm 911a45da5e03afce2e6cf893821523c0 2007.0/x86_64/lib64magic1-static-devel-4.17-2.1mdv2007.0.x86_64.rpm d5553c829bb5c105eb8956c30c982b56 2007.0/x86_64/python-magic-4.17-2.1mdv2007.0.x86_64.rpm b6711ae1487bff595f23644888a21200 2007.0/SRPMS/file-4.17-2.1mdv2007.0.src.rpm Corporate 3.0: 96a903348d6fcbf9c1148b40c33bfa84 corporate/3.0/i586/file-4.07-3.1.C30mdk.i586.rpm 91f98b7967a67cd84997bc1a4b4c3ac0 corporate/3.0/i586/libmagic1-4.07-3.1.C30mdk.i586.rpm cdd298669d1887162dcfc85f64ee0026 corporate/3.0/i586/libmagic1-devel-4.07-3.1.C30mdk.i586.rpm b76cebb89bd62cdbed02074bf08862c9 corporate/3.0/i586/libmagic1-static-devel-4.07-3.1.C30mdk.i586.rpm d4277fc37c32f5c3916c4223d09bcdf5 corporate/3.0/SRPMS/file-4.07-3.1.C30mdk.src.rpm Corporate 3.0/X86_64: 4f16f2ea06e12ba3b34b53b4cf37c767 corporate/3.0/x86_64/file-4.07-3.1.C30mdk.x86_64.rpm ea2133f4651a6538478586246c76a37c corporate/3.0/x86_64/lib64magic1-4.07-3.1.C30mdk.x86_64.rpm ebc3400c433d97f7638283412ee7dfb8 corporate/3.0/x86_64/lib64magic1-devel-4.07-3.1.C30mdk.x86_64.rpm 6edd04c7d038b9793c3703a24a6e4e24 corporate/3.0/x86_64/lib64magic1-static-devel-4.07-3.1.C30mdk.x86_64.rpm d4277fc37c32f5c3916c4223d09bcdf5 corporate/3.0/SRPMS/file-4.07-3.1.C30mdk.src.rpm Corporate 4.0: 1fef1c38e699bc9bf2a12e133ab58d72 corporate/4.0/i586/file-4.14-2.2.20060mlcs4.i586.rpm 25d61edd905d5d5fc98fa26f94133e3d corporate/4.0/i586/libmagic1-4.14-2.2.20060mlcs4.i586.rpm 7b66b10bfbc1882f34cc35ae2a028b06 corporate/4.0/i586/libmagic1-devel-4.14-2.2.20060mlcs4.i586.rpm 98b0564830191b3e5633e72673ada514 corporate/4.0/i586/libmagic1-static-devel-4.14-2.2.20060mlcs4.i586.rpm 06fb5a02819a65a8846a92cb5cb7e103 corporate/4.0/SRPMS/file-4.14-2.2.20060mlcs4.src.rpm Corporate 4.0/X86_64: 5da9885c6eceeae1048efea7e5fb1f6a corporate/4.0/x86_64/file-4.14-2.2.20060mlcs4.x86_64.rpm af453ecc1eeb2ac69d8f4cb286b45605 corporate/4.0/x86_64/lib64magic1-4.14-2.2.20060mlcs4.x86_64.rpm cb9a0c1590b1acebe42b3cd545b58bc2 corporate/4.0/x86_64/lib64magic1-devel-4.14-2.2.20060mlcs4.x86_64.rpm abbaa0bb2698c9e035267ce6a3e1f056 corporate/4.0/x86_64/lib64magic1-static-devel-4.14-2.2.20060mlcs4.x86_64.rpm 06fb5a02819a65a8846a92cb5cb7e103 corporate/4.0/SRPMS/file-4.14-2.2.20060mlcs4.src.rpm Multi Network Firewall 2.0: 1a3e63e7cf57e63af8c166280da3ce0f mnf/2.0/i586/file-4.07-3.1.M20mdk.i586.rpm 4830b9b5c5ac238f16bedc8e919cd61e mnf/2.0/i586/libmagic1-4.07-3.1.M20mdk.i586.rpm d9b5cdb19d1a4178a072a380a83183df mnf/2.0/i586/libmagic1-devel-4.07-3.1.M20mdk.i586.rpm 86268a4fcbc5ca421a022afb019deace mnf/2.0/i586/libmagic1-static-devel-4.07-3.1.M20mdk.i586.rpm b23438938f6cefd35a6afd7252fed8a5 mnf/2.0/SRPMS/file-4.07-3.1.M20mdk.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFGAr0AmqjQ0CJFipgRArybAKCBaU4f4ZglTOxhb9RV4uY33WBxxgCcC1MH W1KsHMdOvPkHm2esY3vcNNY= =zl9H -----END PGP SIGNATURE-----