To: [email protected]Subject: [ MDVSA-2009:129 ] file
Date: Fri, 05 Jun 2009 13:08:00 +0200
From: [email protected]
Reply-To: <xsecurity@mandriva.com.>
Message-Id: <E1MCXHE-0008DN-Lw@titan.mandriva.com.>
X-Virus-Scanned: antivirus-gw at tyumen.ru
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2009:129
http://www.mandriva.com/security/
_______________________________________________________________________
Package : file
Date : June 5, 2009
Affected: 2009.1
_______________________________________________________________________
Problem Description:
A security vulnerability has been identified and fixed in file:
Heap-based buffer overflow in the cdf_read_sat function in src/cdf.c
in Christos Zoulas file 5.00 allows user-assisted remote attackers
to execute arbitrary code via a crafted compound document file,
as demonstrated by a .msi, .doc, or .mpp file. NOTE: some of these
details are obtained from third party information (CVE-2009-1515).
This update provides file-5.03, which is not vulnerable to this,
and other unspecified issues.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1515
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2009.1:
714210b7d1f8229a42ad3a74140b56c0 2009.1/i586/file-5.03-2.1mdv2009.1.i586.rpm
22c6a4a5dfd408194d4bc1f675078db1 2009.1/i586/libmagic1-5.03-2.1mdv2009.1.i586.rpm
06514afdf86b584c4ffab7cfe5f27071 2009.1/i586/libmagic-devel-5.03-2.1mdv2009.1.i586.rpm
a21c00a45b081ae2f27e6e060df13fa8 2009.1/i586/libmagic-static-devel-5.03-2.1mdv2009.1.i586.rpm
1b433b429b9199afa97f2a5df547815c 2009.1/i586/python-magic-5.03-2.1mdv2009.1.i586.rpm
140b8ffc12d337d70a317a3c1599ab12 2009.1/SRPMS/file-5.03-2.1mdv2009.1.src.rpm
Mandriva Linux 2009.1/X86_64:
dde9982f605e023a9b07dc9933d10a10 2009.1/x86_64/file-5.03-2.1mdv2009.1.x86_64.rpm
004adbba8f58328c07ee3d1c8d2651a0 2009.1/x86_64/lib64magic1-5.03-2.1mdv2009.1.x86_64.rpm
a693e89d97dca93c8fba466cab5c9576 2009.1/x86_64/lib64magic-devel-5.03-2.1mdv2009.1.x86_64.rpm
750e3d4d11365b315b3134c07bb432da 2009.1/x86_64/lib64magic-static-devel-5.03-2.1mdv2009.1.x86_64.rpm
77f8329b8a06c038f1c23c837cff756c 2009.1/x86_64/python-magic-5.03-2.1mdv2009.1.x86_64.rpm
140b8ffc12d337d70a317a3c1599ab12 2009.1/SRPMS/file-5.03-2.1mdv2009.1.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFKKNJ1mqjQ0CJFipgRAo5SAJ4msETHMGySvamzGIoP88/iMbncwgCgz7tj
3PXeJkpYjRaYJ8twBeThadc=
=gabF
-----END PGP SIGNATURE-----