Advisories

Mandriva Advisories

Package name	file
Date	March 6th, 2003
Advisory ID	MDKSA-2003:030
Affected versions	7.2, 8.0, 8.1, 8.2, 9.0, CS2.1
Synopsis	Updated file packages fix stack overflow vulnerability

Problem Description

A memory allocation problem in file was found by Jeff Johnson, and a
stack overflow corruption problem was found by David Endler. These
problems have been corrected in file version 3.41 and likely affect
all previous version. These problems pose a security threat as they
can be used to execute arbitrary code by an attacker under the
privileges of another user. Note that the attacker must first
somehow convince the target user to execute file against a specially
crafted file that triggers the buffer overflow in file.

Updated Packages

Mandrakelinux 7.2

 095c2b08eac93b171448eb8a9f1c1ef1  7.2/RPMS/file-3.41-1.1mdk.i586.rpm
e1baae959f60cf3b8d8fe3dda9c4f71e  7.2/SRPMS/file-3.41-1.1mdk.src.rpm

Mandrakelinux 8.0

 47a821812ce592e995615c8e268333c7  8.0/RPMS/file-3.41-1.1mdk.i586.rpm
e1baae959f60cf3b8d8fe3dda9c4f71e  8.0/SRPMS/file-3.41-1.1mdk.src.rpm

Mandrakelinux 8.0/PPC

 8bcd230d29322f2c486c4834d670410e  ppc/8.0/RPMS/file-3.41-1.1mdk.ppc.rpm
e1baae959f60cf3b8d8fe3dda9c4f71e  ppc/8.0/SRPMS/file-3.41-1.1mdk.src.rpm

Mandrakelinux 8.1

 8483c0f20b6324217ad8fa30d6ac1277  8.1/RPMS/file-3.41-1.1mdk.i586.rpm
e1baae959f60cf3b8d8fe3dda9c4f71e  8.1/SRPMS/file-3.41-1.1mdk.src.rpm

Mandrakelinux 8.1/IA64

 949417f7c98c472b6334e45124754bfa  ia64/8.1/RPMS/file-3.41-1.1mdk.ia64.rpm
e1baae959f60cf3b8d8fe3dda9c4f71e  ia64/8.1/SRPMS/file-3.41-1.1mdk.src.rpm

Mandrakelinux 8.2

 569bdc3120f253b9317a24e956499cb4  8.2/RPMS/file-3.41-1.1mdk.i586.rpm
e1baae959f60cf3b8d8fe3dda9c4f71e  8.2/SRPMS/file-3.41-1.1mdk.src.rpm

Mandrakelinux 8.2/PPC

 8bab0210d9ad42e7facc76db95a39532  ppc/8.2/RPMS/file-3.41-1.1mdk.ppc.rpm
e1baae959f60cf3b8d8fe3dda9c4f71e  ppc/8.2/SRPMS/file-3.41-1.1mdk.src.rpm

Mandrakelinux 9.0

 518493f1a79abf93011e70abfcb0677a  9.0/RPMS/file-3.41-1.1mdk.i586.rpm
e1baae959f60cf3b8d8fe3dda9c4f71e  9.0/SRPMS/file-3.41-1.1mdk.src.rpm

Corporate Server 2.1

 518493f1a79abf93011e70abfcb0677a  corporate/2.1/RPMS/file-3.41-1.1mdk.i586.rpm
e1baae959f60cf3b8d8fe3dda9c4f71e  corporate/2.1/SRPMS/file-3.41-1.1mdk.src.rpm

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0102
http://www.idefense.com/advisory/03.04.03.txt

Upgrade

To upgrade automatically, use MandrivaUpdate.

Verification

Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command :

                rpm --checksig package.rpm

You can get the GPG public key of the Mandriva Security Team to verify the GPG signature of each RPM.

If you use MandrivaUpdate, the verification of md5 checksum and GPG signature is performed automatically for you.

URL:

https://mandriva.com/security/advisories

Short link:

https://mandriva.com/content/view/full/1075

Intersites Menu

Mandriva

Tools

Top menu

Advisories

Footer