Package name
file
Date
2007-03-22
Advisory ID
MDKSA-2007:067
Affected versions
CS4.0 x86_64 , MNF2.0 i586 , 2006.0 i586 , 2007.0 x86_64 , 2007.0 i586 , CS3.0 x86_64 , CS4.0 i586 , CS3.0 i586 , 2006.0 x86_64

Problem description

Jean-Sebastien Guay-Leroux discovered an integer underflow in the
file_printf() function in file prior to 4.20 that allows user-assisted
attackers to execute arbitrary code via a file that triggers a
heap-based buffer overflow.

Updated packages have been patched to address this issue.

Updated packages

CS4.0 x86_64

 5da9885c6eceeae1048efea7e5fb1f6a  corporate/4.0/x86_64/file-4.14-2.2.20060mlcs4.x86_64.rpm
 af453ecc1eeb2ac69d8f4cb286b45605  corporate/4.0/x86_64/lib64magic1-4.14-2.2.20060mlcs4.x86_64.rpm
 cb9a0c1590b1acebe42b3cd545b58bc2  corporate/4.0/x86_64/lib64magic1-devel-4.14-2.2.20060mlcs4.x86_64.rpm
 abbaa0bb2698c9e035267ce6a3e1f056  corporate/4.0/x86_64/lib64magic1-static-devel-4.14-2.2.20060mlcs4.x86_64.rpm 
 06fb5a02819a65a8846a92cb5cb7e103  corporate/4.0/SRPMS/file-4.14-2.2.20060mlcs4.src.rpm

MNF2.0 i586

 1a3e63e7cf57e63af8c166280da3ce0f  mnf/2.0/i586/file-4.07-3.1.M20mdk.i586.rpm
 4830b9b5c5ac238f16bedc8e919cd61e  mnf/2.0/i586/libmagic1-4.07-3.1.M20mdk.i586.rpm
 d9b5cdb19d1a4178a072a380a83183df  mnf/2.0/i586/libmagic1-devel-4.07-3.1.M20mdk.i586.rpm
 86268a4fcbc5ca421a022afb019deace  mnf/2.0/i586/libmagic1-static-devel-4.07-3.1.M20mdk.i586.rpm 
 b23438938f6cefd35a6afd7252fed8a5  mnf/2.0/SRPMS/file-4.07-3.1.M20mdk.src.rpm

2006.0 i586

 6776fdab0b30ff408291c8b60eaa5914  2006.0/i586/file-4.14-2.2.20060mdk.i586.rpm
 de3e126e2309c381967c83ee00a1549f  2006.0/i586/libmagic1-4.14-2.2.20060mdk.i586.rpm
 76d7885a0646fc3f4ccefa2d1f39c52d  2006.0/i586/libmagic1-devel-4.14-2.2.20060mdk.i586.rpm
 d9b880001c57222a32d3ee7983bbe41d  2006.0/i586/libmagic1-static-devel-4.14-2.2.20060mdk.i586.rpm 
 faf0311fd9add5ab90fd4794d458d5df  2006.0/SRPMS/file-4.14-2.2.20060mdk.src.rpm

2007.0 x86_64

 92037616ceeb9422321aefcb92b4592d  2007.0/x86_64/file-4.17-2.1mdv2007.0.x86_64.rpm
 a0714daf434333daf0cc94e793fb2fa5  2007.0/x86_64/lib64magic1-4.17-2.1mdv2007.0.x86_64.rpm
 ec4d6e8f36c517775544d9b82e1c2c3c  2007.0/x86_64/lib64magic1-devel-4.17-2.1mdv2007.0.x86_64.rpm
 911a45da5e03afce2e6cf893821523c0  2007.0/x86_64/lib64magic1-static-devel-4.17-2.1mdv2007.0.x86_64.rpm
 d5553c829bb5c105eb8956c30c982b56  2007.0/x86_64/python-magic-4.17-2.1mdv2007.0.x86_64.rpm 
 b6711ae1487bff595f23644888a21200  2007.0/SRPMS/file-4.17-2.1mdv2007.0.src.rpm

2007.0 i586

 051e3ba9cc68605b812ee7b49db6912e  2007.0/i586/file-4.17-2.1mdv2007.0.i586.rpm
 df3c8c4fa46b317a6d82b58b2645af06  2007.0/i586/libmagic1-4.17-2.1mdv2007.0.i586.rpm
 3b89edfb298db832a00bdc8004050c70  2007.0/i586/libmagic1-devel-4.17-2.1mdv2007.0.i586.rpm
 ab34afc24bba86ba683a07a829c291ce  2007.0/i586/libmagic1-static-devel-4.17-2.1mdv2007.0.i586.rpm
 da97885fa8cef50b1a7197cd3bedda88  2007.0/i586/python-magic-4.17-2.1mdv2007.0.i586.rpm 
 b6711ae1487bff595f23644888a21200  2007.0/SRPMS/file-4.17-2.1mdv2007.0.src.rpm

CS3.0 x86_64

 4f16f2ea06e12ba3b34b53b4cf37c767  corporate/3.0/x86_64/file-4.07-3.1.C30mdk.x86_64.rpm
 ea2133f4651a6538478586246c76a37c  corporate/3.0/x86_64/lib64magic1-4.07-3.1.C30mdk.x86_64.rpm
 ebc3400c433d97f7638283412ee7dfb8  corporate/3.0/x86_64/lib64magic1-devel-4.07-3.1.C30mdk.x86_64.rpm
 6edd04c7d038b9793c3703a24a6e4e24  corporate/3.0/x86_64/lib64magic1-static-devel-4.07-3.1.C30mdk.x86_64.rpm 
 d4277fc37c32f5c3916c4223d09bcdf5  corporate/3.0/SRPMS/file-4.07-3.1.C30mdk.src.rpm

CS4.0 i586

 1fef1c38e699bc9bf2a12e133ab58d72  corporate/4.0/i586/file-4.14-2.2.20060mlcs4.i586.rpm
 25d61edd905d5d5fc98fa26f94133e3d  corporate/4.0/i586/libmagic1-4.14-2.2.20060mlcs4.i586.rpm
 7b66b10bfbc1882f34cc35ae2a028b06  corporate/4.0/i586/libmagic1-devel-4.14-2.2.20060mlcs4.i586.rpm
 98b0564830191b3e5633e72673ada514  corporate/4.0/i586/libmagic1-static-devel-4.14-2.2.20060mlcs4.i586.rpm 
 06fb5a02819a65a8846a92cb5cb7e103  corporate/4.0/SRPMS/file-4.14-2.2.20060mlcs4.src.rpm

CS3.0 i586

 96a903348d6fcbf9c1148b40c33bfa84  corporate/3.0/i586/file-4.07-3.1.C30mdk.i586.rpm
 91f98b7967a67cd84997bc1a4b4c3ac0  corporate/3.0/i586/libmagic1-4.07-3.1.C30mdk.i586.rpm
 cdd298669d1887162dcfc85f64ee0026  corporate/3.0/i586/libmagic1-devel-4.07-3.1.C30mdk.i586.rpm
 b76cebb89bd62cdbed02074bf08862c9  corporate/3.0/i586/libmagic1-static-devel-4.07-3.1.C30mdk.i586.rpm 
 d4277fc37c32f5c3916c4223d09bcdf5  corporate/3.0/SRPMS/file-4.07-3.1.C30mdk.src.rpm

2006.0 x86_64

 778972de9f0b948065e3a740762335ea  2006.0/x86_64/file-4.14-2.2.20060mdk.x86_64.rpm
 d198f2b7b93b6453927cfb82ebd7be03  2006.0/x86_64/lib64magic1-4.14-2.2.20060mdk.x86_64.rpm
 f39321c70228c4720d7839d23bd4f257  2006.0/x86_64/lib64magic1-devel-4.14-2.2.20060mdk.x86_64.rpm
 77672f3f381c93138d4eeb5bf029634b  2006.0/x86_64/lib64magic1-static-devel-4.14-2.2.20060mdk.x86_64.rpm 
 faf0311fd9add5ab90fd4794d458d5df  2006.0/SRPMS/file-4.14-2.2.20060mdk.src.rpm

References