Bug 5073 - file new security issue CVE-2012-1571
Summary: file new security issue CVE-2012-1571
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: 1
Hardware: i586 Linux
Priority: Normal normal
Target Milestone: ---
Assignee: QA Team
QA Contact:
URL:
Whiteboard:
Keywords: validated_update
Depends on:
Blocks:
 
Reported: 2012-03-23 14:25 CET by David Walser
Modified: 2012-04-11 21:21 CEST (History)
4 users (show)

See Also:
Source RPM: file-5.06-1.mga1.src.rpm
CVE:
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description David Walser 2012-03-23 14:25:12 CET 
Mandriva has issued this advisory today (March 23):
http://www.mandriva.com/en/support/security/advisories/?dis=2010.1&name=MDVSA-2012:035

Cauldron is not vulnerable.
Comment 1 David Walser 2012-03-26 02:17:20 CEST 
Looks like the fix is to just update to the CDF code from file 5.11.  Uploaded.

Advisory:
========================

Updated file packages fix security vulnerabilities:

Multiple out-of heap-based buffer read flaws and invalid pointer
dereference flaws were found in the way file, utility for determining
of file types processed header section for certain Composite Document
Format (CDF) files. A remote attacker could provide a specially-crafted
CDF file, which once inspected by the file utility of the victim
would lead to file executable crash (CVE-2012-1571).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1571
https://bugzilla.redhat.com/show_bug.cgi?id=805197
http://www.mandriva.com/en/support/security/advisories/?dis=2010.1&name=MDVSA-2012:035
========================

Updated packages in core/updates_testing:
========================
file-5.06-1.1.mga1
libmagic1-5.06-1.1.mga1
libmagic-devel-5.06-1.1.mga1
libmagic-static-devel-5.06-1.1.mga1
python-magic-5.06-1.1.mga1

from file-5.06-1.1.mga1.src.rpm

Assignee: bugsquad => qa-bugs

Comment 2 Dave Hodgins 2012-04-04 21:13:02 CEST 
Testing complete on i586 for the srpm
file-5.06-1.1.mga1.src.rpm

Just testing that it works with "file *".

CC: (none) => davidwhodgins

Comment 3 Derek Jennings 2012-04-09 10:22:46 CEST 
Testing complete on x86_64
Downloaded example .cdf file confirmed same response from file command both before and after update.

Update Validated
Could sysadmin please push file-5.06-1.1.mga1.src.rpm from core/updates_testing to core/updates

Advisory:
========================

Updated file packages fix security vulnerabilities:

Multiple out-of heap-based buffer read flaws and invalid pointer
dereference flaws were found in the way file, utility for determining
of file types processed header section for certain Composite Document
Format (CDF) files. A remote attacker could provide a specially-crafted
CDF file, which once inspected by the file utility of the victim
would lead to file executable crash (CVE-2012-1571).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1571
https://bugzilla.redhat.com/show_bug.cgi?id=805197
http://www.mandriva.com/en/support/security/advisories/?dis=2010.1&name=MDVSA-2012:035
========================

Keywords: (none) => validated_update
CC: (none) => derekjenn, sysadmin-bugs

Comment 4 Thomas Backlund 2012-04-11 21:21:46 CEST 
Update pushewd

Status: NEW => RESOLVED
CC: (none) => tmb
Resolution: (none) => FIXED
Note You need to log in before you can comment on or make changes to this bug.