Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

[ MDKSA-2007:067 ] - Updated file packages fix heap-based buffer overflow vulnerability
From: security () mandriva com
Date: Thu, 22 Mar 2007 14:39:07 -0600


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDKSA-2007:067
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : file
 Date    : March 22, 2007
 Affected: 2006.0, 2007.0, Corporate 3.0, Corporate 4.0,
           Multi Network Firewall 2.0
 _______________________________________________________________________
 
 Problem Description:
 
 Jean-Sebastien Guay-Leroux discovered an integer underflow in the
 file_printf() function in file prior to 4.20 that allows user-assisted
 attackers to execute arbitrary code via a file that triggers a
 heap-based buffer overflow.
 
 Updated packages have been patched to address this issue.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1536
 _______________________________________________________________________
 
 Updated Packages:
 
 Mandriva Linux 2006.0:
 6776fdab0b30ff408291c8b60eaa5914  2006.0/i586/file-4.14-2.2.20060mdk.i586.rpm
 de3e126e2309c381967c83ee00a1549f  2006.0/i586/libmagic1-4.14-2.2.20060mdk.i586.rpm
 76d7885a0646fc3f4ccefa2d1f39c52d  2006.0/i586/libmagic1-devel-4.14-2.2.20060mdk.i586.rpm
 d9b880001c57222a32d3ee7983bbe41d  2006.0/i586/libmagic1-static-devel-4.14-2.2.20060mdk.i586.rpm 
 faf0311fd9add5ab90fd4794d458d5df  2006.0/SRPMS/file-4.14-2.2.20060mdk.src.rpm

 Mandriva Linux 2006.0/X86_64:
 778972de9f0b948065e3a740762335ea  2006.0/x86_64/file-4.14-2.2.20060mdk.x86_64.rpm
 d198f2b7b93b6453927cfb82ebd7be03  2006.0/x86_64/lib64magic1-4.14-2.2.20060mdk.x86_64.rpm
 f39321c70228c4720d7839d23bd4f257  2006.0/x86_64/lib64magic1-devel-4.14-2.2.20060mdk.x86_64.rpm
 77672f3f381c93138d4eeb5bf029634b  2006.0/x86_64/lib64magic1-static-devel-4.14-2.2.20060mdk.x86_64.rpm 
 faf0311fd9add5ab90fd4794d458d5df  2006.0/SRPMS/file-4.14-2.2.20060mdk.src.rpm

 Mandriva Linux 2007.0:
 051e3ba9cc68605b812ee7b49db6912e  2007.0/i586/file-4.17-2.1mdv2007.0.i586.rpm
 df3c8c4fa46b317a6d82b58b2645af06  2007.0/i586/libmagic1-4.17-2.1mdv2007.0.i586.rpm
 3b89edfb298db832a00bdc8004050c70  2007.0/i586/libmagic1-devel-4.17-2.1mdv2007.0.i586.rpm
 ab34afc24bba86ba683a07a829c291ce  2007.0/i586/libmagic1-static-devel-4.17-2.1mdv2007.0.i586.rpm
 da97885fa8cef50b1a7197cd3bedda88  2007.0/i586/python-magic-4.17-2.1mdv2007.0.i586.rpm 
 b6711ae1487bff595f23644888a21200  2007.0/SRPMS/file-4.17-2.1mdv2007.0.src.rpm

 Mandriva Linux 2007.0/X86_64:
 92037616ceeb9422321aefcb92b4592d  2007.0/x86_64/file-4.17-2.1mdv2007.0.x86_64.rpm
 a0714daf434333daf0cc94e793fb2fa5  2007.0/x86_64/lib64magic1-4.17-2.1mdv2007.0.x86_64.rpm
 ec4d6e8f36c517775544d9b82e1c2c3c  2007.0/x86_64/lib64magic1-devel-4.17-2.1mdv2007.0.x86_64.rpm
 911a45da5e03afce2e6cf893821523c0  2007.0/x86_64/lib64magic1-static-devel-4.17-2.1mdv2007.0.x86_64.rpm
 d5553c829bb5c105eb8956c30c982b56  2007.0/x86_64/python-magic-4.17-2.1mdv2007.0.x86_64.rpm 
 b6711ae1487bff595f23644888a21200  2007.0/SRPMS/file-4.17-2.1mdv2007.0.src.rpm

 Corporate 3.0:
 96a903348d6fcbf9c1148b40c33bfa84  corporate/3.0/i586/file-4.07-3.1.C30mdk.i586.rpm
 91f98b7967a67cd84997bc1a4b4c3ac0  corporate/3.0/i586/libmagic1-4.07-3.1.C30mdk.i586.rpm
 cdd298669d1887162dcfc85f64ee0026  corporate/3.0/i586/libmagic1-devel-4.07-3.1.C30mdk.i586.rpm
 b76cebb89bd62cdbed02074bf08862c9  corporate/3.0/i586/libmagic1-static-devel-4.07-3.1.C30mdk.i586.rpm 
 d4277fc37c32f5c3916c4223d09bcdf5  corporate/3.0/SRPMS/file-4.07-3.1.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 4f16f2ea06e12ba3b34b53b4cf37c767  corporate/3.0/x86_64/file-4.07-3.1.C30mdk.x86_64.rpm
 ea2133f4651a6538478586246c76a37c  corporate/3.0/x86_64/lib64magic1-4.07-3.1.C30mdk.x86_64.rpm
 ebc3400c433d97f7638283412ee7dfb8  corporate/3.0/x86_64/lib64magic1-devel-4.07-3.1.C30mdk.x86_64.rpm
 6edd04c7d038b9793c3703a24a6e4e24  corporate/3.0/x86_64/lib64magic1-static-devel-4.07-3.1.C30mdk.x86_64.rpm 
 d4277fc37c32f5c3916c4223d09bcdf5  corporate/3.0/SRPMS/file-4.07-3.1.C30mdk.src.rpm

 Corporate 4.0:
 1fef1c38e699bc9bf2a12e133ab58d72  corporate/4.0/i586/file-4.14-2.2.20060mlcs4.i586.rpm
 25d61edd905d5d5fc98fa26f94133e3d  corporate/4.0/i586/libmagic1-4.14-2.2.20060mlcs4.i586.rpm
 7b66b10bfbc1882f34cc35ae2a028b06  corporate/4.0/i586/libmagic1-devel-4.14-2.2.20060mlcs4.i586.rpm
 98b0564830191b3e5633e72673ada514  corporate/4.0/i586/libmagic1-static-devel-4.14-2.2.20060mlcs4.i586.rpm 
 06fb5a02819a65a8846a92cb5cb7e103  corporate/4.0/SRPMS/file-4.14-2.2.20060mlcs4.src.rpm

 Corporate 4.0/X86_64:
 5da9885c6eceeae1048efea7e5fb1f6a  corporate/4.0/x86_64/file-4.14-2.2.20060mlcs4.x86_64.rpm
 af453ecc1eeb2ac69d8f4cb286b45605  corporate/4.0/x86_64/lib64magic1-4.14-2.2.20060mlcs4.x86_64.rpm
 cb9a0c1590b1acebe42b3cd545b58bc2  corporate/4.0/x86_64/lib64magic1-devel-4.14-2.2.20060mlcs4.x86_64.rpm
 abbaa0bb2698c9e035267ce6a3e1f056  corporate/4.0/x86_64/lib64magic1-static-devel-4.14-2.2.20060mlcs4.x86_64.rpm 
 06fb5a02819a65a8846a92cb5cb7e103  corporate/4.0/SRPMS/file-4.14-2.2.20060mlcs4.src.rpm

 Multi Network Firewall 2.0:
 1a3e63e7cf57e63af8c166280da3ce0f  mnf/2.0/i586/file-4.07-3.1.M20mdk.i586.rpm
 4830b9b5c5ac238f16bedc8e919cd61e  mnf/2.0/i586/libmagic1-4.07-3.1.M20mdk.i586.rpm
 d9b5cdb19d1a4178a072a380a83183df  mnf/2.0/i586/libmagic1-devel-4.07-3.1.M20mdk.i586.rpm
 86268a4fcbc5ca421a022afb019deace  mnf/2.0/i586/libmagic1-static-devel-4.07-3.1.M20mdk.i586.rpm 
 b23438938f6cefd35a6afd7252fed8a5  mnf/2.0/SRPMS/file-4.07-3.1.M20mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFGAr0AmqjQ0CJFipgRArybAKCBaU4f4ZglTOxhb9RV4uY33WBxxgCcC1MH
W1KsHMdOvPkHm2esY3vcNNY=
=zl9H
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


  By Date           By Thread  

Current thread:
  • [ MDKSA-2007:067 ] - Updated file packages fix heap-based buffer overflow vulnerability security (Mar 22)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault