A memory allocation problem in file was found by Jeff Johnson, and a
stack overflow corruption problem was found by David Endler. These
problems have been corrected in file version 3.41 and likely affect
all previous version. These problems pose a security threat as they
can be used to execute arbitrary code by an attacker under the
privileges of another user. Note that the attacker must first
somehow convince the target user to execute file against a specially
crafted file that triggers the buffer overflow in file.
The 8.2 and 9.0 packages installed data in a different directory than
where they should have been installed, which broke compatability with
a small number of programs. These updated packages place those files
back in the appropriate location.
d5e93ef5b8d037f98545cada5a771df7 8.2/RPMS/file-3.41-1.2mdk.i586.rpm 928927e417e426bddff47bb2b44ab2f7 8.2/SRPMS/file-3.41-1.2mdk.src.rpm
db8aa6371a0cc8472a326c34e55644b9 ppc/8.2/RPMS/file-3.41-1.2mdk.ppc.rpm 928927e417e426bddff47bb2b44ab2f7 ppc/8.2/SRPMS/file-3.41-1.2mdk.src.rpm
11dd08bc1e77855ed30a9c0e40f6b15c 9.0/RPMS/file-3.41-1.2mdk.i586.rpm 928927e417e426bddff47bb2b44ab2f7 9.0/SRPMS/file-3.41-1.2mdk.src.rpm
Corporate Server 2.1
11dd08bc1e77855ed30a9c0e40f6b15c corporate/2.1/RPMS/file-3.41-1.2mdk.i586.rpm 928927e417e426bddff47bb2b44ab2f7 corporate/2.1/SRPMS/file-3.41-1.2mdk.src.rpm
Corporate Server 2.1/X86_64
bac5bc5f65a3eb09a5f19dec54ea9b43 x86_64/corporate/2.1/RPMS/file-3.41-1.2mdk.x86_64.rpm 928927e417e426bddff47bb2b44ab2f7 x86_64/corporate/2.1/SRPMS/file-3.41-1.2mdk.src.rpm
To upgrade automatically, use MandrivaUpdate.
Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command :
rpm --checksig package.rpm
You can get the GPG public key of the Mandriva Security Team to verify the GPG signature of each RPM.
If you use MandrivaUpdate, the verification of md5 checksum and GPG signature is performed automatically for you.