lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Date: Sun, 07 Jun 2009 18:24:01 +0200
From: security@...driva.com
To: bugtraq@...urityfocus.com
Subject: [ MDVSA-2009:132 ] libsndfile


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2009:132
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : libsndfile
 Date    : June 7, 2009
 Affected: 2008.1, 2009.0, 2009.1, Corporate 3.0, Corporate 4.0
 _______________________________________________________________________

 Problem Description:

 Multiple vulnerabilities has been found and corrected in libsndfile:
 
 Heap-based buffer overflow in voc_read_header in libsndfile 1.0.15
 through 1.0.19, as used in Winamp 5.552 and possibly other media
 programs, allows remote attackers to cause a denial of service
 (application crash) and possibly execute arbitrary code via a VOC
 file with an invalid header value (CVE-2009-1788).
 
 Heap-based buffer overflow in aiff_read_header in libsndfile 1.0.15
 through 1.0.19, as used in Winamp 5.552 and possibly other media
 programs, allows remote attackers to cause a denial of service
 (application crash) and possibly execute arbitrary code via an AIFF
 file with an invalid header value (CVE-2009-1791).
 
 This update provides fixes for these vulnerabilities.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1788
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1791
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2008.1:
 701da939ef75bb44c6a88091991405f9  2008.1/i586/libsndfile1-1.0.18-1.pre20.1.2mdv2008.1.i586.rpm
 ece4f97fbe7d228e6a68ec2fcfc962a7  2008.1/i586/libsndfile-devel-1.0.18-1.pre20.1.2mdv2008.1.i586.rpm
 e53e91c170e4e7533939e991bd7e6986  2008.1/i586/libsndfile-progs-1.0.18-1.pre20.1.2mdv2008.1.i586.rpm
 99d764b015825c5773e522e244deeecc  2008.1/i586/libsndfile-static-devel-1.0.18-1.pre20.1.2mdv2008.1.i586.rpm 
 516da728e6ec820abe69840d20e81132  2008.1/SRPMS/libsndfile-1.0.18-1.pre20.1.2mdv2008.1.src.rpm

 Mandriva Linux 2008.1/X86_64:
 6442e6ffb57e298b00ec31bcedb942c6  2008.1/x86_64/lib64sndfile1-1.0.18-1.pre20.1.2mdv2008.1.x86_64.rpm
 333380f9a0efa811dc8596bacf924454  2008.1/x86_64/lib64sndfile-devel-1.0.18-1.pre20.1.2mdv2008.1.x86_64.rpm
 0124fa53ba30401ea0c3226efe64f6c0  2008.1/x86_64/lib64sndfile-static-devel-1.0.18-1.pre20.1.2mdv2008.1.x86_64.rpm
 0ff17e4b621107b779c6e1bc13d22d1a  2008.1/x86_64/libsndfile-progs-1.0.18-1.pre20.1.2mdv2008.1.x86_64.rpm 
 516da728e6ec820abe69840d20e81132  2008.1/SRPMS/libsndfile-1.0.18-1.pre20.1.2mdv2008.1.src.rpm

 Mandriva Linux 2009.0:
 3a2368ee951b221c5d69c2c6b7d6a48c  2009.0/i586/libsndfile1-1.0.18-2.pre22.1.2mdv2009.0.i586.rpm
 0f12874d6a5fde2f1af5c1df0d6a1c16  2009.0/i586/libsndfile-devel-1.0.18-2.pre22.1.2mdv2009.0.i586.rpm
 98213ebaed97f0a2e6d49e79fe5ff76e  2009.0/i586/libsndfile-progs-1.0.18-2.pre22.1.2mdv2009.0.i586.rpm
 42229b20ae9a0f49e9924dad505116b3  2009.0/i586/libsndfile-static-devel-1.0.18-2.pre22.1.2mdv2009.0.i586.rpm 
 c444d98f0ffdad126dafc51a58cdc81f  2009.0/SRPMS/libsndfile-1.0.18-2.pre22.1.2mdv2009.0.src.rpm

 Mandriva Linux 2009.0/X86_64:
 6fc6279c15b54e22c23c4a4a1ea055a0  2009.0/x86_64/lib64sndfile1-1.0.18-2.pre22.1.2mdv2009.0.x86_64.rpm
 572f0991372826b65a0605694cde1b43  2009.0/x86_64/lib64sndfile-devel-1.0.18-2.pre22.1.2mdv2009.0.x86_64.rpm
 b184642bfb17c160da33c44eaf288deb  2009.0/x86_64/lib64sndfile-static-devel-1.0.18-2.pre22.1.2mdv2009.0.x86_64.rpm
 a8eb61b1d24bd4390a72de7c2767e78d  2009.0/x86_64/libsndfile-progs-1.0.18-2.pre22.1.2mdv2009.0.x86_64.rpm 
 c444d98f0ffdad126dafc51a58cdc81f  2009.0/SRPMS/libsndfile-1.0.18-2.pre22.1.2mdv2009.0.src.rpm

 Mandriva Linux 2009.1:
 89b4e3e227f6707669f91189294af292  2009.1/i586/libsndfile1-1.0.19-1.1mdv2009.1.i586.rpm
 a31e77b54e28effbe5a6b19869112f28  2009.1/i586/libsndfile-devel-1.0.19-1.1mdv2009.1.i586.rpm
 df23c2bebe552c1ef9a4516daa5a5bef  2009.1/i586/libsndfile-progs-1.0.19-1.1mdv2009.1.i586.rpm
 9bffa66c3ccb14aba57e8161960a6b05  2009.1/i586/libsndfile-static-devel-1.0.19-1.1mdv2009.1.i586.rpm 
 a55dd246457aea313d82f70332c8f36b  2009.1/SRPMS/libsndfile-1.0.19-1.1mdv2009.1.src.rpm

 Mandriva Linux 2009.1/X86_64:
 3d4170e84aea8f0c32c59c818c9c7280  2009.1/x86_64/lib64sndfile1-1.0.19-1.1mdv2009.1.x86_64.rpm
 17fe0c03e79959feb26e4e4448456af1  2009.1/x86_64/lib64sndfile-devel-1.0.19-1.1mdv2009.1.x86_64.rpm
 072e67a45dbb68b23935b3806fa0a602  2009.1/x86_64/lib64sndfile-static-devel-1.0.19-1.1mdv2009.1.x86_64.rpm
 956bf413c247969d743327c343b1c14c  2009.1/x86_64/libsndfile-progs-1.0.19-1.1mdv2009.1.x86_64.rpm 
 a55dd246457aea313d82f70332c8f36b  2009.1/SRPMS/libsndfile-1.0.19-1.1mdv2009.1.src.rpm

 Corporate 3.0:
 60bdde82db8a5c84f89b04b918f1754b  corporate/3.0/i586/libsndfile1-1.0.5-4.1.C30mdk.i586.rpm
 d806f60be51bf593ea9e0b3229767d8c  corporate/3.0/i586/libsndfile1-devel-1.0.5-4.1.C30mdk.i586.rpm
 1d0da98153c7586db0f9b33f2697d1a2  corporate/3.0/i586/libsndfile1-static-devel-1.0.5-4.1.C30mdk.i586.rpm
 5eab2abf9a9efd63b3b330c530ba871a  corporate/3.0/i586/libsndfile-progs-1.0.5-4.1.C30mdk.i586.rpm 
 91eef247c8bb071839cab8b2e72da048  corporate/3.0/SRPMS/libsndfile-1.0.5-4.1.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 ff7314675c98acd10988512d061bc08b  corporate/3.0/x86_64/lib64sndfile1-1.0.5-4.1.C30mdk.x86_64.rpm
 e4504c8f36f99b89a50a098494c42648  corporate/3.0/x86_64/lib64sndfile1-devel-1.0.5-4.1.C30mdk.x86_64.rpm
 647d44fc6c873ee4edd2073a9eb31a27  corporate/3.0/x86_64/lib64sndfile1-static-devel-1.0.5-4.1.C30mdk.x86_64.rpm
 883283f7ead7833a682a5b378e597473  corporate/3.0/x86_64/libsndfile-progs-1.0.5-4.1.C30mdk.x86_64.rpm 
 91eef247c8bb071839cab8b2e72da048  corporate/3.0/SRPMS/libsndfile-1.0.5-4.1.C30mdk.src.rpm

 Corporate 4.0:
 e37710f568c24ac630e808824be2bcb7  corporate/4.0/i586/libsndfile1-1.0.11-1.1.20060mlcs4.i586.rpm
 6edfa31978c0507fec3e6c7196b8eb90  corporate/4.0/i586/libsndfile1-devel-1.0.11-1.1.20060mlcs4.i586.rpm
 164bf5a93311aba0c28881ff1e16aff7  corporate/4.0/i586/libsndfile1-static-devel-1.0.11-1.1.20060mlcs4.i586.rpm
 b4d2bca7afe885d18cedfbf984199437  corporate/4.0/i586/libsndfile-progs-1.0.11-1.1.20060mlcs4.i586.rpm 
 13185887dbb05ae457218dbab126ba61  corporate/4.0/SRPMS/libsndfile-1.0.11-1.1.20060mlcs4.src.rpm

 Corporate 4.0/X86_64:
 95da0be2ca10d4aedba59098c7de13f3  corporate/4.0/x86_64/lib64sndfile1-1.0.11-1.1.20060mlcs4.x86_64.rpm
 2a9c964b442552efd9759653f0bcbc77  corporate/4.0/x86_64/lib64sndfile1-devel-1.0.11-1.1.20060mlcs4.x86_64.rpm
 edbc77703f3170e49c02086931429d80  corporate/4.0/x86_64/lib64sndfile1-static-devel-1.0.11-1.1.20060mlcs4.x86_64.rpm
 7fda385d55c1079a8280c9937a98f84e  corporate/4.0/x86_64/libsndfile-progs-1.0.11-1.1.20060mlcs4.x86_64.rpm 
 13185887dbb05ae457218dbab126ba61  corporate/4.0/SRPMS/libsndfile-1.0.11-1.1.20060mlcs4.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFKK7xemqjQ0CJFipgRAitZAJ4pmmVZN+8HWX6k/vZJ2oBj9oXzLQCg3Fgz
r6IGgMZMbGyAEPEVyUOZDAo=
=bldV
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists