|
 |
| Problem Description |
Jean-Sebastien Guay-Leroux discovered an integer underflow in the
file_printf() function in file prior to 4.20 that allows user-assisted
attackers to execute arbitrary code via a file that triggers a
heap-based buffer overflow.
Updated packages have been patched to address this issue.
| Updated Packages |
Corporate Server 3.0
96a903348d6fcbf9c1148b40c33bfa84 corporate/3.0/i586/file-4.07-3.1.C30mdk.i586.rpm 91f98b7967a67cd84997bc1a4b4c3ac0 corporate/3.0/i586/libmagic1-4.07-3.1.C30mdk.i586.rpm cdd298669d1887162dcfc85f64ee0026 corporate/3.0/i586/libmagic1-devel-4.07-3.1.C30mdk.i586.rpm b76cebb89bd62cdbed02074bf08862c9 corporate/3.0/i586/libmagic1-static-devel-4.07-3.1.C30mdk.i586.rpm d4277fc37c32f5c3916c4223d09bcdf5 corporate/3.0/SRPMS/file-4.07-3.1.C30mdk.src.rpm
Corporate Server 3.0/X86_64
4f16f2ea06e12ba3b34b53b4cf37c767 corporate/3.0/x86_64/file-4.07-3.1.C30mdk.x86_64.rpm ea2133f4651a6538478586246c76a37c corporate/3.0/x86_64/lib64magic1-4.07-3.1.C30mdk.x86_64.rpm ebc3400c433d97f7638283412ee7dfb8 corporate/3.0/x86_64/lib64magic1-devel-4.07-3.1.C30mdk.x86_64.rpm 6edd04c7d038b9793c3703a24a6e4e24 corporate/3.0/x86_64/lib64magic1-static-devel-4.07-3.1.C30mdk.x86_64.rpm d4277fc37c32f5c3916c4223d09bcdf5 corporate/3.0/SRPMS/file-4.07-3.1.C30mdk.src.rpm
Multi Network Firewall 2.0
1a3e63e7cf57e63af8c166280da3ce0f mnf/2.0/i586/file-4.07-3.1.M20mdk.i586.rpm 4830b9b5c5ac238f16bedc8e919cd61e mnf/2.0/i586/libmagic1-4.07-3.1.M20mdk.i586.rpm d9b5cdb19d1a4178a072a380a83183df mnf/2.0/i586/libmagic1-devel-4.07-3.1.M20mdk.i586.rpm 86268a4fcbc5ca421a022afb019deace mnf/2.0/i586/libmagic1-static-devel-4.07-3.1.M20mdk.i586.rpm b23438938f6cefd35a6afd7252fed8a5 mnf/2.0/SRPMS/file-4.07-3.1.M20mdk.src.rpm
Mandriva Linux 2006
6776fdab0b30ff408291c8b60eaa5914 2006.0/i586/file-4.14-2.2.20060mdk.i586.rpm de3e126e2309c381967c83ee00a1549f 2006.0/i586/libmagic1-4.14-2.2.20060mdk.i586.rpm 76d7885a0646fc3f4ccefa2d1f39c52d 2006.0/i586/libmagic1-devel-4.14-2.2.20060mdk.i586.rpm d9b880001c57222a32d3ee7983bbe41d 2006.0/i586/libmagic1-static-devel-4.14-2.2.20060mdk.i586.rpm faf0311fd9add5ab90fd4794d458d5df 2006.0/SRPMS/file-4.14-2.2.20060mdk.src.rpm
Mandriva Linux 2006/X86_64
778972de9f0b948065e3a740762335ea 2006.0/x86_64/file-4.14-2.2.20060mdk.x86_64.rpm d198f2b7b93b6453927cfb82ebd7be03 2006.0/x86_64/lib64magic1-4.14-2.2.20060mdk.x86_64.rpm f39321c70228c4720d7839d23bd4f257 2006.0/x86_64/lib64magic1-devel-4.14-2.2.20060mdk.x86_64.rpm 77672f3f381c93138d4eeb5bf029634b 2006.0/x86_64/lib64magic1-static-devel-4.14-2.2.20060mdk.x86_64.rpm faf0311fd9add5ab90fd4794d458d5df 2006.0/SRPMS/file-4.14-2.2.20060mdk.src.rpm
Mandriva Linux 2007
051e3ba9cc68605b812ee7b49db6912e 2007.0/i586/file-4.17-2.1mdv2007.0.i586.rpm df3c8c4fa46b317a6d82b58b2645af06 2007.0/i586/libmagic1-4.17-2.1mdv2007.0.i586.rpm 3b89edfb298db832a00bdc8004050c70 2007.0/i586/libmagic1-devel-4.17-2.1mdv2007.0.i586.rpm ab34afc24bba86ba683a07a829c291ce 2007.0/i586/libmagic1-static-devel-4.17-2.1mdv2007.0.i586.rpm da97885fa8cef50b1a7197cd3bedda88 2007.0/i586/python-magic-4.17-2.1mdv2007.0.i586.rpm b6711ae1487bff595f23644888a21200 2007.0/SRPMS/file-4.17-2.1mdv2007.0.src.rpm
Mandriva Linux 2007/X86_64
92037616ceeb9422321aefcb92b4592d 2007.0/x86_64/file-4.17-2.1mdv2007.0.x86_64.rpm a0714daf434333daf0cc94e793fb2fa5 2007.0/x86_64/lib64magic1-4.17-2.1mdv2007.0.x86_64.rpm ec4d6e8f36c517775544d9b82e1c2c3c 2007.0/x86_64/lib64magic1-devel-4.17-2.1mdv2007.0.x86_64.rpm 911a45da5e03afce2e6cf893821523c0 2007.0/x86_64/lib64magic1-static-devel-4.17-2.1mdv2007.0.x86_64.rpm d5553c829bb5c105eb8956c30c982b56 2007.0/x86_64/python-magic-4.17-2.1mdv2007.0.x86_64.rpm b6711ae1487bff595f23644888a21200 2007.0/SRPMS/file-4.17-2.1mdv2007.0.src.rpm
Corporate Server 4.0
1fef1c38e699bc9bf2a12e133ab58d72 corporate/4.0/i586/file-4.14-2.2.20060mlcs4.i586.rpm 25d61edd905d5d5fc98fa26f94133e3d corporate/4.0/i586/libmagic1-4.14-2.2.20060mlcs4.i586.rpm 7b66b10bfbc1882f34cc35ae2a028b06 corporate/4.0/i586/libmagic1-devel-4.14-2.2.20060mlcs4.i586.rpm 98b0564830191b3e5633e72673ada514 corporate/4.0/i586/libmagic1-static-devel-4.14-2.2.20060mlcs4.i586.rpm 06fb5a02819a65a8846a92cb5cb7e103 corporate/4.0/SRPMS/file-4.14-2.2.20060mlcs4.src.rpm
Corporate Server 4.0/X86_64
5da9885c6eceeae1048efea7e5fb1f6a corporate/4.0/x86_64/file-4.14-2.2.20060mlcs4.x86_64.rpm af453ecc1eeb2ac69d8f4cb286b45605 corporate/4.0/x86_64/lib64magic1-4.14-2.2.20060mlcs4.x86_64.rpm cb9a0c1590b1acebe42b3cd545b58bc2 corporate/4.0/x86_64/lib64magic1-devel-4.14-2.2.20060mlcs4.x86_64.rpm abbaa0bb2698c9e035267ce6a3e1f056 corporate/4.0/x86_64/lib64magic1-static-devel-4.14-2.2.20060mlcs4.x86_64.rpm 06fb5a02819a65a8846a92cb5cb7e103 corporate/4.0/SRPMS/file-4.14-2.2.20060mlcs4.src.rpm
| References |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1536
| Upgrade |
To upgrade automatically, use MandrivaUpdate.
| Verification |
Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command :
rpm --checksig package.rpm
You can get the GPG public key of the Mandriva Security Team to verify the GPG signature of each RPM.
If you use MandrivaUpdate, the verification of md5 checksum and GPG signature is performed automatically for you.