Message-Id: <E1OkKWX-0006t8-HU@titan.mandriva.com>
Date: Sat, 14 Aug 2010 19:28:01 +0200
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2010:150 ] libsndfile
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2010:150
http://www.mandriva.com/security/
_______________________________________________________________________
Package : libsndfile
Date : August 14, 2010
Affected: 2008.0, 2009.0, 2009.1, 2010.0, Corporate 4.0,
Enterprise Server 5.0
_______________________________________________________________________
Problem Description:
A vulnerability has been discovered and corrected in libsndfile:
The (1) htk_read_header, (2) alaw_init, (3) ulaw_init, (4) pcm_init,
(5) float32_init, and (6) sds_read_header functions in libsndfile
1.0.20 allow context-dependent attackers to cause a denial of service
(divide-by-zero error and application crash) via a crafted audio file
(CVE-2009-4835).
Packages for 2008.0 and 2009.0 are provided as part of the Extended
Maintenance Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490
The updated packages have been patched to correct this issue.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4835
_______________________________________________________________________
Updated Packages:
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFMZp/6mqjQ0CJFipgRAjnSAKCHTDHadN251FTgvIRl3M1oKhwr9QCgmvG2
gM2hiAd4TnytIP50VIUzIvc=
=f6dB
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
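The divide-by-zero class named in the Problem Description, shown as an added example that is not part of the advisory and is not libsndfile source: a header parser that divides by values read from the file, beside a form that validates them first. The 12-byte header layout, the struct, the sample bytes and all function names are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical 12-byte little-endian header (constructed for this example):
 * u32 data_length, u16 channels, u16 bytes_per_sample, u32 sample_rate. */
typedef struct {
    uint32_t data_length, sample_rate;
    uint16_t channels, bytes_per_sample;
    uint64_t frames, duration_ms;
} audio_info;
enum { HDR_OK = 0, HDR_SHORT = -1, HDR_BAD_FIELD = -2 };

/* Constructed sample headers: one well-formed, one with channels == 0. */
static const uint8_t SAMPLE_OK[12]  = {0x40,0x1F,0,0, 2,0, 2,0, 0x40,0x1F,0,0};
static const uint8_t SAMPLE_BAD[12] = {0x40,0x1F,0,0, 0,0, 2,0, 0x40,0x1F,0,0};

static uint32_t rd16(const uint8_t *p) { return p[0] | ((uint32_t)p[1] << 8); }
static uint32_t rd32(const uint8_t *p) { return rd16(p) | (rd16(p + 2) << 16); }

static int read_fields(const uint8_t *buf, size_t len, audio_info *out) {
    if (len < 12) return HDR_SHORT;
    out->data_length      = rd32(buf);
    out->channels         = (uint16_t)rd16(buf + 4);
    out->bytes_per_sample = (uint16_t)rd16(buf + 6);
    out->sample_rate      = rd32(buf + 8);
    return HDR_OK;
}

/* Vulnerable pattern: both divisors come straight from the file, so a zero
 * field is a division by zero (SIGFPE on x86) that kills the whole process. */
int parse_unchecked(const uint8_t *buf, size_t len, audio_info *out) {
    if (read_fields(buf, len, out) != HDR_OK) return HDR_SHORT;
    uint32_t blockwidth = (uint32_t)out->channels * out->bytes_per_sample;
    out->frames = out->data_length / blockwidth;
    out->duration_ms = out->frames * 1000 / out->sample_rate;
    return HDR_OK;
}

/* Hardened form: reject zero divisors before any arithmetic uses them. */
int parse_checked(const uint8_t *buf, size_t len, audio_info *out) {
    if (read_fields(buf, len, out) != HDR_OK) return HDR_SHORT;
    uint32_t blockwidth = (uint32_t)out->channels * out->bytes_per_sample;
    if (blockwidth == 0 || out->sample_rate == 0) return HDR_BAD_FIELD;
    out->frames = out->data_length / blockwidth;
    out->duration_ms = out->frames * 1000 / out->sample_rate;
    return HDR_OK;
}

int main(void) {
    audio_info a;
    printf("ok=%d bad=%d\n", parse_checked(SAMPLE_OK, 12, &a), parse_checked(SAMPLE_BAD, 12, &a));
}
```

A caller that treats HDR_BAD_FIELD as "unsupported or corrupt file" turns the crash into an ordinary open failure.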