lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Date: Sun, 17 Jan 2010 09:36:43 +0000
From: Stefan Fritsch <>
Subject: [SECURITY] [DSA-1972-1] New audiofile packages fix buffer overflow

Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-1972-1                                   Stefan Fritsch
January 17, 2010            
- -------------------------------------------------------------------------

Package        : audiofile
Vulnerability  : buffer overflow
Problem type   : local (remote)
Debian-specific: no
CVE Id         : CVE-2008-5824
Debian bug     : 510205

Max Kellermann discovered a heap-based buffer overflow in the handling
of ADPCM WAV files in libaudiofile. This flaw could result in a denial
of service (application crash) or possibly execution of arbitrary code
via a crafted WAV file.

The old stable distribution (etch), this problem will be fixed in
version 0.2.6-6+etch1.

The packages for the oldtable distribution are not included in this
advisory. An update will be released soon.

For the stable distribution (lenny), this problem has been fixed in
version 0.2.6-7+lenny1.

For the testing distribution (squeeze) and the unstable distribution
(sid), this problem has been fixed in version 0.2.6-7.1.

We recommend that you upgrade your audiofile packages.

Upgrade instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 5.0 alias lenny (stable)
- -----------------------------------------

Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

Source archives:
    Size/MD5 checksum:   374688 9c1049876cd51c0f1b12c2886cce4d42
    Size/MD5 checksum:     1048 ba1535425e02719cb32aaed448b9e615
    Size/MD5 checksum:   300816 57eece898416b8ecf3aa5dac27f2c4fc

alpha architecture (DEC Alpha)
    Size/MD5 checksum:   158224 c1579697bbb721374da6451aa12a2030
    Size/MD5 checksum:    90028 01aa1e7a90c361cdd95f289f4d2b554d
    Size/MD5 checksum:   167796 34be04955f6912507db6855eb51fa3cf

amd64 architecture (AMD x86_64 (AMD64))
    Size/MD5 checksum:    83988 1f3b65530a04afb05e077ff7ed72d331
    Size/MD5 checksum:   169514 94248270333cdf6278dc7b27d3af01d7
    Size/MD5 checksum:   130610 a5ba3174a86f15a11f8922ed892f9bec

arm architecture (ARM)
    Size/MD5 checksum:    74696 f3aa521f8ed711b4a2fd3ff14a3bba32
    Size/MD5 checksum:   164142 a87e3ac1f10e120bf8451aac693036ad
    Size/MD5 checksum:   116354 20bccdc0014746f3b07c7b19acbef513

armel architecture (ARM EABI)
    Size/MD5 checksum:    77702 0effe95d77f86d22aed53a9a93012d2b
    Size/MD5 checksum:   121328 52f253d4bbf24883ca3dd83a7d9e0686
    Size/MD5 checksum:   166310 7f5222c459b8964c6551746641b9e385

hppa architecture (HP PA RISC)
    Size/MD5 checksum:   135830 8ad815e277bf74a7a231fd3577d1ecbb
    Size/MD5 checksum:    87580 83007039c0d0aa96508027c58d44956d
    Size/MD5 checksum:   166476 4ea9d29c71058ed703baeb407ebf74ef

i386 architecture (Intel ia32)
    Size/MD5 checksum:   164582 7c84007f5260c1b9ce714d9e090b649c
    Size/MD5 checksum:   118288 99ca6cf504847281ffee6095d6c56df9
    Size/MD5 checksum:    77984 eaa5796ba0a90db7d759719ea46e3ea7

ia64 architecture (Intel ia64)
    Size/MD5 checksum:   171436 87e839b3f36d8374d46dd8cc46cfdf02
    Size/MD5 checksum:   160876 0a1fca9b908b5626c488befbf17951cd
    Size/MD5 checksum:   114662 fcb0924085a99cb1f5fb7352cb7c4cfe

mips architecture (MIPS (Big Endian))
    Size/MD5 checksum:    77652 cf4fdc50fb0c27d2d01ea62a00e419ae
    Size/MD5 checksum:   136234 a99b4802eac588c1a4204b4cb51ee750
    Size/MD5 checksum:   170994 e1579208d48d6eed6d5b4ee78f633c25

mipsel architecture (MIPS (Little Endian))
    Size/MD5 checksum:    77354 9956348cc10198f72e01ef2de9fefb3c
    Size/MD5 checksum:   169408 e442c1e3761d6417f8619b67f100d0ac
    Size/MD5 checksum:   136282 4aa8e92fdf213266c6a00815d2ee1326

powerpc architecture (PowerPC)
    Size/MD5 checksum:   168454 57af4df319a43b6bbe3f26da61b6996c
    Size/MD5 checksum:   131276 481f73af6d5b0532d830889a2d0e17b7
    Size/MD5 checksum:    82444 94db16051730d9c914d3cb1cb8eb983b

s390 architecture (IBM S/390)
    Size/MD5 checksum:   126500 aaa163e9465ea8781f6af4ca7c9d2ee1
    Size/MD5 checksum:    83506 1d9f7379d796d06ca3e18027039fab42
    Size/MD5 checksum:   169568 9e4273791c4237c68fa2e70251d6cf93

sparc architecture (Sun SPARC/UltraSPARC)
    Size/MD5 checksum:   117968 ec723b26f1cca8f967695d0701d5defb
    Size/MD5 checksum:   154992 581562d68231ccef4ea31a33c3efcf93
    Size/MD5 checksum:    74984 b8b65cf6dc6d7c2947c4049aa27d44ca

  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb stable/updates main
For dpkg-ftp: dists/stable/updates/main
Mailing list:
Package info: `apt-cache show <pkg>' and<pkg>
Version: GnuPG v1.4.9 (GNU/Linux)


Powered by blists - more mailing lists