lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Date: Sat, 29 Dec 2007 02:41:21 +0100
From: Moritz Muehlenhoff <>
Subject: [SECURITY] [DSA 1442-2] New libsndfile packages fix arbitrary code execution

Hash: SHA1

- ------------------------------------------------------------------------
Debian Security Advisory DSA-1442-1                               Moritz Muehlenhoff
December 29, 2007           
- ------------------------------------------------------------------------

Package        : libsndfile
Vulnerability  : buffer overflow
Problem type   : local(remote)
Debian-specific: no
CVE Id(s)      : CVE-2007-4974

Rubert Buchholz discovered that libsndfile, a library for reading / 
writing audio files performs insufficient boundary checks when
processing FLAC files, which might lead to the execution of arbitrary

For the stable distribution (etch), this problem has been fixed in
version 1.0.16-2.

The old stable distribution (sarge) is not affected by this problem.

We recommend that you upgrade your libsndfile packages.

Upgrade instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian 4.0 (stable)
- -------------------

Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

Source archives:
    Size/MD5 checksum:   857117 773b6639672d39b6342030c7fd1e9719
    Size/MD5 checksum:     5465 3143afa4d8b69fe1ba9d0428d3b5b472
    Size/MD5 checksum:      639 778f77063bf0aee761b5d9f7af793ced

alpha architecture (DEC Alpha)
    Size/MD5 checksum:   400468 f555adb582857c57e2efc4c957661a10
    Size/MD5 checksum:   222432 5a776e9755235dfbc33881b54a69df87
    Size/MD5 checksum:    72062 0ad263c448319e10f147d4ca3a2e49cd

amd64 architecture (AMD x86_64 (AMD64))
    Size/MD5 checksum:    70518 6ece20244584e3e33c680cba32f5bd01
    Size/MD5 checksum:   186978 15d1c0d80b1df110594b0e25dc444ca3
    Size/MD5 checksum:   322346 f8d850304a105b5b8d2beadb3e81304d

arm architecture (ARM)
    Size/MD5 checksum:    72042 6efb81b71098e378b5f702c06cb8b2d9
    Size/MD5 checksum:   343534 03aef95ebfe92522c5d36a4e5590859d
    Size/MD5 checksum:   220952 d01c16d518630402f6714691b829d793

hppa architecture (HP PA RISC)
    Size/MD5 checksum:    74542 cf4e50401c65e94b5ec93b488c0180c7
    Size/MD5 checksum:   236320 7c0274e6b33b5e301dcd7a474d502107
    Size/MD5 checksum:   373514 af037103e816ba426298a634057decb2

i386 architecture (Intel ia32)
    Size/MD5 checksum:    74262 834537ca8b562a4350d5a9c422f436ca
    Size/MD5 checksum:   319560 9fe5127322c613449eb0dde18a27cfb8
    Size/MD5 checksum:   197498 e9bc609646a45373a0d365b071950c6a

ia64 architecture (Intel ia64)
    Size/MD5 checksum:   270526 4e79bb42b5e92d68fa00bff980686eb3
    Size/MD5 checksum:   416098 3d6c672fd2480a3a5783142085445bdd
    Size/MD5 checksum:    75756 d29c6c9fe859001936087e53afdff185

mips architecture (MIPS (Big Endian))
    Size/MD5 checksum:   217138 c59d9ffccb7d577d06f4eb8f8a875e98
    Size/MD5 checksum:   374184 e0a8ce0c236b772bc58eaad8aad2006a
    Size/MD5 checksum:    72760 2468de6305a9c60fdfd0fe73bad8999a

mipsel architecture (MIPS (Little Endian))
    Size/MD5 checksum:    72800 da3ce8b83dc1ad383c23812df43cf31d
    Size/MD5 checksum:   373316 d2e45aaad4073e64b6e3e443e6702cac
    Size/MD5 checksum:   216758 0a66a28c249850999b90b6f90d0c027b

powerpc architecture (PowerPC)
    Size/MD5 checksum:   207748 7c999002bfce68181a2818eaf3e829ed
    Size/MD5 checksum:   346286 2b9d3e4cef955ff76a963a3e40aebecd
    Size/MD5 checksum:    75812 b8549289577e9a8bfe279592ebb68c69

s390 architecture (IBM S/390)
    Size/MD5 checksum:   346370 dca74b112ab72b4893b272aa983f6e07
    Size/MD5 checksum:    72800 6fd80164e263294833c6b6a4f98faf7f
    Size/MD5 checksum:   220876 8f28f995c96e3366cc98a1578aba5a46

sparc architecture (Sun SPARC/UltraSPARC)
    Size/MD5 checksum:    70652 7560d39c5a222317decb5586c17d1d55
    Size/MD5 checksum:   207790 e758c2a6e11a78f25df2ad1b2205206e
    Size/MD5 checksum:   334854 f97aba9749b0dd78f6da521399fa9937

  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb stable/updates main
For dpkg-ftp: dists/stable/updates/main
Mailing list:
Package info: `apt-cache show <pkg>' and<pkg>
Version: GnuPG v1.4.6 (GNU/Linux)


Powered by blists - more mailing lists