Paketname
file
Datum
2009-06-05
Advisory ID
MDVSA-2009:129
Betroffene Versionen
2009.1 i586 , 2009.1 x86_64

Problembeschreibung

A security vulnerability has been identified and fixed in file:

Heap-based buffer overflow in the cdf_read_sat function in src/cdf.c
in Christos Zoulas file 5.00 allows user-assisted remote attackers
to execute arbitrary code via a crafted compound document file,
as demonstrated by a .msi, .doc, or .mpp file. NOTE: some of these
details are obtained from third party information (CVE-2009-1515).

This update provides file-5.03, which is not vulnerable to this,
and other unspecified issues.

Aktualisierte Pakete

2009.1 i586

 714210b7d1f8229a42ad3a74140b56c0  2009.1/i586/file-5.03-2.1mdv2009.1.i586.rpm
 22c6a4a5dfd408194d4bc1f675078db1  2009.1/i586/libmagic1-5.03-2.1mdv2009.1.i586.rpm
 06514afdf86b584c4ffab7cfe5f27071  2009.1/i586/libmagic-devel-5.03-2.1mdv2009.1.i586.rpm
 a21c00a45b081ae2f27e6e060df13fa8  2009.1/i586/libmagic-static-devel-5.03-2.1mdv2009.1.i586.rpm
 1b433b429b9199afa97f2a5df547815c  2009.1/i586/python-magic-5.03-2.1mdv2009.1.i586.rpm 
 140b8ffc12d337d70a317a3c1599ab12  2009.1/SRPMS/file-5.03-2.1mdv2009.1.src.rpm

2009.1 x86_64

 dde9982f605e023a9b07dc9933d10a10  2009.1/x86_64/file-5.03-2.1mdv2009.1.x86_64.rpm
 004adbba8f58328c07ee3d1c8d2651a0  2009.1/x86_64/lib64magic1-5.03-2.1mdv2009.1.x86_64.rpm
 a693e89d97dca93c8fba466cab5c9576  2009.1/x86_64/lib64magic-devel-5.03-2.1mdv2009.1.x86_64.rpm
 750e3d4d11365b315b3134c07bb432da  2009.1/x86_64/lib64magic-static-devel-5.03-2.1mdv2009.1.x86_64.rpm
 77f8329b8a06c038f1c23c837cff756c  2009.1/x86_64/python-magic-5.03-2.1mdv2009.1.x86_64.rpm 
 140b8ffc12d337d70a317a3c1599ab12  2009.1/SRPMS/file-5.03-2.1mdv2009.1.src.rpm

Referenzen