Bug 753303 (CVE-2012-1571) - VUL-0: CVE-2012-1571: file crashes due to malformed CDF files
Summary: VUL-0: CVE-2012-1571: file crashes due to malformed CDF files
Status: RESOLVED FIXED
Alias: CVE-2012-1571
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
Version: unspecified
Hardware: Other Other
: P3 - Medium : Normal
Target Milestone: ---
Assignee: Security Team bot
QA Contact: Security Team bot
Whiteboard: CVSSv2:NVD:CVE-2012-1571:4.3:(AV:N/A...
Reported: 2012-03-21 12:18 UTC by Ludwig Nussel
Modified: 2021-08-31 12:07 UTC

Found By: Other


Attachments
file-CVE-2012-1571.patch (11.74 KB, text/plain)
2012-03-21 12:54 UTC, Dr. Werner Fink
Comment 1 Dr. Werner Fink 2012-03-21 12:31:25 UTC
Does there exist any information on the version?
Does the upstream author know about this?
Comment 2 Dr. Werner Fink 2012-03-21 12:44:34 UTC
Btw: It would help a lot if the text of Christos were cited
in the initial message, as using a lot of URLs without any specific
information isn't very pleasant, is it?
Comment 3 Dr. Werner Fink 2012-03-21 12:46:59 UTC
IMHO there are more changes between 5.10 and 5.11, as it seems that
changes from e.g. cdf.h are missing in the cited GitHub commits.
Comment 4 Dr. Werner Fink 2012-03-21 12:54:25 UTC
Created attachment 482364
file-CVE-2012-1571.patch

IMHO this is the full patch about CVE-2012-1571
Comment 5 Dr. Werner Fink 2012-03-21 13:13:04 UTC
Neither in the package file of SLES11, SLES11-SP1, SLES11-SP2 nor in SLES10 up to
SLES10-SP4 is CDF support included.
Comment 6 Dr. Werner Fink 2012-03-21 14:06:39 UTC
For 11.4 see request #110412
for 12.1 see request #110410
Comment 7 Swamp Workflow Management 2012-03-21 23:00:15 UTC
bugbot adjusting priority
Comment 8 Bernhard Wiedemann 2012-03-23 15:00:15 UTC
This is an autogenerated message for OBS integration:
This bug (753303) was mentioned in
https://build.opensuse.org/request/show/110835 Factory / file
Comment 9 Swamp Workflow Management 2012-04-12 08:08:58 UTC
openSUSE-SU-2012:0488-1: An update that fixes one vulnerability is now available.

Category: security (low)
Bug References: 753303
CVE References: CVE-2012-1571
Sources used:
openSUSE 12.1 (src):    file-5.08-7.4.1, python-magic-5.08-7.4.1
openSUSE 11.4 (src):    file-5.04-13.1, python-magic-5.04-13.1
Comment 10 Marcus Meissner 2012-04-12 21:22:10 UTC
released
Comment 11 Bernhard Wiedemann 2012-08-09 13:00:43 UTC
This is an autogenerated message for OBS integration:
This bug (753303) was mentioned in
https://build.opensuse.org/request/show/130497 Evergreen:11.2 / file
https://build.opensuse.org/request/show/130498 Evergreen:11.2 / python-magic
Comment 12 Bernhard Wiedemann 2012-08-20 10:00:37 UTC
This is an autogenerated message for OBS integration:
This bug (753303) was mentioned in
https://build.opensuse.org/request/show/131214 Evergreen:11.2 / file
https://build.opensuse.org/request/show/131215 Evergreen:11.2 / python-magic