lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-Id: <E1MmCaC-00023Y-O5@titan.mandriva.com>
Date: Fri, 11 Sep 2009 22:19:00 +0200
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2009:232 ] libsamplerate


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2009:232
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : libsamplerate
 Date    : September 11, 2009
 Affected: 2008.1, 2009.0, Corporate 3.0, Corporate 4.0
 _______________________________________________________________________

 Problem Description:

 A security vulnerability has been identified and fixed in
 libsamplerate:
 
 Lev Givon discovered a buffer overflow in libsamplerate that could
 lead to a segfault with specially crafted python code. This problem has
 been fixed with libsamplerate-0.1.7 but older versions are affected.
 
 This update provides a solution to this vulnerability.
 _______________________________________________________________________

 References:

 https://qa.mandriva.com/47888
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2008.1:
 68b6b761ad6f8c5144380adf7e670a20  2008.1/i586/libsamplerate0-0.1.3-0.pre6.3.2mdv2008.1.i586.rpm
 c4048627b6cd47ecc36798e3b95291f8  2008.1/i586/libsamplerate-devel-0.1.3-0.pre6.3.2mdv2008.1.i586.rpm
 8b021bc53c012b993a55b702ca5d4ef3  2008.1/i586/libsamplerate-progs-0.1.3-0.pre6.3.2mdv2008.1.i586.rpm 
 6fc83bb69d28e02bb4676ac8c822bf4c  2008.1/SRPMS/libsamplerate-0.1.3-0.pre6.3.2mdv2008.1.src.rpm

 Mandriva Linux 2008.1/X86_64:
 c912e011f54a3f43adf7592e3f79159c  2008.1/x86_64/lib64samplerate0-0.1.3-0.pre6.3.2mdv2008.1.x86_64.rpm
 52245d2684de49d0c42b127ed25770d3  2008.1/x86_64/lib64samplerate-devel-0.1.3-0.pre6.3.2mdv2008.1.x86_64.rpm
 e009822b488278ce524c98ccd0f4d9e3  2008.1/x86_64/libsamplerate-progs-0.1.3-0.pre6.3.2mdv2008.1.x86_64.rpm 
 6fc83bb69d28e02bb4676ac8c822bf4c  2008.1/SRPMS/libsamplerate-0.1.3-0.pre6.3.2mdv2008.1.src.rpm

 Mandriva Linux 2009.0:
 00c1eddd0f7027881d61c9810c8a7b9e  2009.0/i586/libsamplerate0-0.1.4-1.1mdv2009.0.i586.rpm
 aaa8cb9975747da1fdfde6232ccf59a4  2009.0/i586/libsamplerate-devel-0.1.4-1.1mdv2009.0.i586.rpm
 1ac80dd7e709814263e5b9aeaa398b90  2009.0/i586/libsamplerate-progs-0.1.4-1.1mdv2009.0.i586.rpm 
 440cca6113286912ad26389751846488  2009.0/SRPMS/libsamplerate-0.1.4-1.1mdv2009.0.src.rpm

 Mandriva Linux 2009.0/X86_64:
 742aed975be2108101d544e4af10051f  2009.0/x86_64/lib64samplerate0-0.1.4-1.1mdv2009.0.x86_64.rpm
 01273f68c2bd71058c17dc130e7995da  2009.0/x86_64/lib64samplerate-devel-0.1.4-1.1mdv2009.0.x86_64.rpm
 934924f0f55c61bd7328316994594132  2009.0/x86_64/libsamplerate-progs-0.1.4-1.1mdv2009.0.x86_64.rpm 
 440cca6113286912ad26389751846488  2009.0/SRPMS/libsamplerate-0.1.4-1.1mdv2009.0.src.rpm

 Corporate 3.0:
 90a843449a9077e3de0daa6bffd9a5d2  corporate/3.0/i586/libsamplerate0-0.0.15-2.2.C30mdk.i586.rpm
 575111d361dc0886f1788fab9a55bc2a  corporate/3.0/i586/libsamplerate0-devel-0.0.15-2.2.C30mdk.i586.rpm
 17c39e53f9c74b7f161008a8ea205630  corporate/3.0/i586/libsamplerate-progs-0.0.15-2.2.C30mdk.i586.rpm 
 f9b91945c60e160f9a44e3d6e8265930  corporate/3.0/SRPMS/libsamplerate-0.0.15-2.2.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 502ef117b448d385d61ba74676118bb1  corporate/3.0/x86_64/lib64samplerate0-0.0.15-2.2.C30mdk.x86_64.rpm
 bf8a35fbb19b14fb8a180e15263da664  corporate/3.0/x86_64/lib64samplerate0-devel-0.0.15-2.2.C30mdk.x86_64.rpm
 32e670174dbf0e76ce55b30af497d076  corporate/3.0/x86_64/libsamplerate-progs-0.0.15-2.2.C30mdk.x86_64.rpm 
 f9b91945c60e160f9a44e3d6e8265930  corporate/3.0/SRPMS/libsamplerate-0.0.15-2.2.C30mdk.src.rpm

 Corporate 4.0:
 5911901b6500278924e683527389dff7  corporate/4.0/i586/libsamplerate0-0.1.2-1.2.20060mlcs4.i586.rpm
 020f7a51ac2dfc9100519ac17f3ad9c1  corporate/4.0/i586/libsamplerate0-devel-0.1.2-1.2.20060mlcs4.i586.rpm
 3bcce103dbed501d68e83e1513de4fb7  corporate/4.0/i586/libsamplerate-progs-0.1.2-1.2.20060mlcs4.i586.rpm 
 9ed1ef514bb0ba8882604a438c3a2b6c  corporate/4.0/SRPMS/libsamplerate-0.1.2-1.2.20060mlcs4.src.rpm

 Corporate 4.0/X86_64:
 ff73bdbc43ef5dab21be04dce86c96ec  corporate/4.0/x86_64/lib64samplerate0-0.1.2-1.2.20060mlcs4.x86_64.rpm
 81c6d68db92c9121fdc71a07738d49d1  corporate/4.0/x86_64/lib64samplerate0-devel-0.1.2-1.2.20060mlcs4.x86_64.rpm
 198206469146f0f5438c2a4d0fdbe651  corporate/4.0/x86_64/libsamplerate-progs-0.1.2-1.2.20060mlcs4.x86_64.rpm 
 9ed1ef514bb0ba8882604a438c3a2b6c  corporate/4.0/SRPMS/libsamplerate-0.1.2-1.2.20060mlcs4.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFKqoLwmqjQ0CJFipgRApxoAJ9MLgPhPp4Wgm4vqZMNVZZggJlWOACgp6DH
Sp5KoJri+ssPAeLg354oFyc=
=6ODM
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ