Sicherheit: Pufferüberlauf in file

Lesezeichen hinzufügen

This is a multi-part message in MIME format...

------------=_1244200168-27111-5073

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2009:129
http://www.mandriva.com/security/
_______________________________________________________________________

Package : file
Date : June 5, 2009
Affected: 2009.1
_______________________________________________________________________

Problem Description:

A security vulnerability has been identified and fixed in file:

Heap-based buffer overflow in the cdf_read_sat function in src/cdf.c
in Christos Zoulas file 5.00 allows user-assisted remote attackers
to execute arbitrary code via a crafted compound document file,
as demonstrated by a .msi, .doc, or .mpp file. NOTE: some of these
details are obtained from third party information (CVE-2009-1515).

This update provides file-5.03, which is not vulnerable to this,
and other unspecified issues.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1515
_______________________________________________________________________

Updated Packages:

Mandriva Linux 2009.1:
714210b7d1f8229a42ad3a74140b56c0 2009.1/i586/file-5.03-2.1mdv2009.1.i586.rpm
22c6a4a5dfd408194d4bc1f675078db1
2009.1/i586/libmagic1-5.03-2.1mdv2009.1.i586.rpm
06514afdf86b584c4ffab7cfe5f27071
2009.1/i586/libmagic-devel-5.03-2.1mdv2009.1.i586.rpm
a21c00a45b081ae2f27e6e060df13fa8
2009.1/i586/libmagic-static-devel-5.03-2.1mdv2009.1.i586.rpm
1b433b429b9199afa97f2a5df547815c
2009.1/i586/python-magic-5.03-2.1mdv2009.1.i586.rpm
140b8ffc12d337d70a317a3c1599ab12 2009.1/SRPMS/file-5.03-2.1mdv2009.1.src.rpm

Mandriva Linux 2009.1/X86_64:
dde9982f605e023a9b07dc9933d10a10
2009.1/x86_64/file-5.03-2.1mdv2009.1.x86_64.rpm
004adbba8f58328c07ee3d1c8d2651a0
2009.1/x86_64/lib64magic1-5.03-2.1mdv2009.1.x86_64.rpm
a693e89d97dca93c8fba466cab5c9576
2009.1/x86_64/lib64magic-devel-5.03-2.1mdv2009.1.x86_64.rpm
750e3d4d11365b315b3134c07bb432da
2009.1/x86_64/lib64magic-static-devel-5.03-2.1mdv2009.1.x86_64.rpm
77f8329b8a06c038f1c23c837cff756c
2009.1/x86_64/python-magic-5.03-2.1mdv2009.1.x86_64.rpm
140b8ffc12d337d70a317a3c1599ab12 2009.1/SRPMS/file-5.03-2.1mdv2009.1.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFKKNJ1mqjQ0CJFipgRAo5SAJ4msETHMGySvamzGIoP88/iMbncwgCgz7tj
3PXeJkpYjRaYJ8twBeThadc=
=gabF
-----END PGP SIGNATURE-----

------------=_1244200168-27111-5073
Content-Type: text/plain; name="message-footer.txt"
Content-Disposition: inline; filename="message-footer.txt"
Content-Transfer-Encoding: 8bit

To unsubscribe, send a email to sympa@mandrivalinux.org
with this subject : unsubscribe security-announce
_______________________________________________________
Want to buy your Pack or Services from Mandriva?
Go to http://www.mandrivastore.com
Join the Club : http://www.mandrivaclub.com
_______________________________________________________

------------=_1244200168-27111-5073--