| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 06 Mar 2009 00:36:00 +0100 From: security@...driva.com To: full-disclosure@...ts.grok.org.uk Subject: [ MDVSA-2009:067 ] libsndfile -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2009:067 http://www.mandriva.com/security/ _______________________________________________________________________ Package : libsndfile Date : March 5, 2009 Affected: 2008.0, 2008.1, 2009.0 _______________________________________________________________________ Problem Description: Crafted data - channels per frame value - in CAF files enables remote attackers to execute arbitrary code or denial of service via a possible integer overflow, leading to a possible heap overflow (CVE-2009-0186). This update provides fix for that vulnerability. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0186 _______________________________________________________________________ Updated Packages: Mandriva Linux 2008.0: 636fcca6743199107f94bd6382691f56 2008.0/i586/libsndfile1-1.0.18-0.pre11.7.1mdv2008.0.i586.rpm c91b66214eb4a4415404e72012b7f13b 2008.0/i586/libsndfile-devel-1.0.18-0.pre11.7.1mdv2008.0.i586.rpm 8c16b58d2e274cbf867663953a07535f 2008.0/i586/libsndfile-progs-1.0.18-0.pre11.7.1mdv2008.0.i586.rpm 3cb4bebc4efac11173bb0a11fd033b10 2008.0/i586/libsndfile-static-devel-1.0.18-0.pre11.7.1mdv2008.0.i586.rpm ec9d40e701e741340d3be115b8a0b7bc 2008.0/SRPMS/libsndfile-1.0.18-0.pre11.7.1mdv2008.0.src.rpm Mandriva Linux 2008.0/X86_64: 0774a521cb9f0e5c228f9468fe2c85f0 2008.0/x86_64/lib64sndfile1-1.0.18-0.pre11.7.1mdv2008.0.x86_64.rpm 32c2ff134e872aaa280c37a7d1dc1f01 2008.0/x86_64/lib64sndfile-devel-1.0.18-0.pre11.7.1mdv2008.0.x86_64.rpm de03d216159ff4c7001f56593c53935e 2008.0/x86_64/lib64sndfile-static-devel-1.0.18-0.pre11.7.1mdv2008.0.x86_64.rpm fc70ac7f2a15f046a9fa8b1464f673c2 2008.0/x86_64/libsndfile-progs-1.0.18-0.pre11.7.1mdv2008.0.x86_64.rpm ec9d40e701e741340d3be115b8a0b7bc 2008.0/SRPMS/libsndfile-1.0.18-0.pre11.7.1mdv2008.0.src.rpm Mandriva Linux 2008.1: 22c5d13d816c87fbc5d454e47d801508 2008.1/i586/libsndfile1-1.0.18-1.pre20.1.1mdv2008.1.i586.rpm 7c8ebc8ac747b3d3d37eab9c75a2e035 2008.1/i586/libsndfile-devel-1.0.18-1.pre20.1.1mdv2008.1.i586.rpm a293119cea21293a88f83f8c54fb9dba 2008.1/i586/libsndfile-progs-1.0.18-1.pre20.1.1mdv2008.1.i586.rpm 0b92ade91efdffde568e6e36eb7c0eca 2008.1/i586/libsndfile-static-devel-1.0.18-1.pre20.1.1mdv2008.1.i586.rpm 118dac159755622e790e779d3346074d 2008.1/SRPMS/libsndfile-1.0.18-1.pre20.1.1mdv2008.1.src.rpm Mandriva Linux 2008.1/X86_64: c6c3addab06b0fcfe83097ed340d92ba 2008.1/x86_64/lib64sndfile1-1.0.18-1.pre20.1.1mdv2008.1.x86_64.rpm 7c9fdab0b5b3315a0a395be98c61dedb 2008.1/x86_64/lib64sndfile-devel-1.0.18-1.pre20.1.1mdv2008.1.x86_64.rpm 0b6155a33e3d716b30d4c01d69581eed 2008.1/x86_64/lib64sndfile-static-devel-1.0.18-1.pre20.1.1mdv2008.1.x86_64.rpm 529ce9ed36fbfd62a2eba0de9690f156 2008.1/x86_64/libsndfile-progs-1.0.18-1.pre20.1.1mdv2008.1.x86_64.rpm 118dac159755622e790e779d3346074d 2008.1/SRPMS/libsndfile-1.0.18-1.pre20.1.1mdv2008.1.src.rpm Mandriva Linux 2009.0: 586e9952ee27348e3dd0de6b40d5f1a7 2009.0/i586/libsndfile1-1.0.18-2.pre22.1.1mdv2009.0.i586.rpm c2706ace6fb506e83f453bf156094fbd 2009.0/i586/libsndfile-devel-1.0.18-2.pre22.1.1mdv2009.0.i586.rpm 1afd350af724ed149bb2b6aa727880a3 2009.0/i586/libsndfile-progs-1.0.18-2.pre22.1.1mdv2009.0.i586.rpm b01507410bb4405ce087a6ab1be5a120 2009.0/i586/libsndfile-static-devel-1.0.18-2.pre22.1.1mdv2009.0.i586.rpm ee9f191461d5343b544ec4c9d4666b66 2009.0/SRPMS/libsndfile-1.0.18-2.pre22.1.1mdv2009.0.src.rpm Mandriva Linux 2009.0/X86_64: fcf87d888a6ea0f07db8e624ba128cca 2009.0/x86_64/lib64sndfile1-1.0.18-2.pre22.1.1mdv2009.0.x86_64.rpm 80cfcf0f5bff9078bfaebba87ff714a5 2009.0/x86_64/lib64sndfile-devel-1.0.18-2.pre22.1.1mdv2009.0.x86_64.rpm 0141e8a20584289ffd1178efd87ba335 2009.0/x86_64/lib64sndfile-static-devel-1.0.18-2.pre22.1.1mdv2009.0.x86_64.rpm 1ce04938d46615cd65b9a1a8831b5bf4 2009.0/x86_64/libsndfile-progs-1.0.18-2.pre22.1.1mdv2009.0.x86_64.rpm ee9f191461d5343b544ec4c9d4666b66 2009.0/SRPMS/libsndfile-1.0.18-2.pre22.1.1mdv2009.0.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFJsDU9mqjQ0CJFipgRAnBGAKCmRfeLxpJnkEP3V74EMzSCJMeL8ACgpJvp WCO/J+GpreCEX9qKKAU3VNo= =P8Nj -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists