Message-Id: <E1OkKWX-0006t8-HU@titan.mandriva.com>
Date: Sat, 14 Aug 2010 19:28:01 +0200
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2010:150 ] libsndfile

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2010:150
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : libsndfile
 Date    : August 14, 2010
 Affected: 2008.0, 2009.0, 2009.1, 2010.0, Corporate 4.0,
           Enterprise Server 5.0
 _______________________________________________________________________

 Problem Description:

 A vulnerability has been discovered and corrected in libsndfile:
 
 The (1) htk_read_header, (2) alaw_init, (3) ulaw_init, (4) pcm_init,
 (5) float32_init, and (6) sds_read_header functions in libsndfile
 1.0.20 allow context-dependent attackers to cause a denial of service
 (divide-by-zero error and application crash) via a crafted audio file
 (CVE-2009-4835).
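
 The bug class named above, as an added illustration (not libsndfile's code
 and not part of the original advisory): a frame count is derived by dividing
 by header fields read from the file, so a zero field traps unless it is
 rejected first. The struct, function names and error codes are hypothetical.

```c
#include <stdint.h>
#include <stddef.h>

/* Hypothetical, simplified header fields as a decoder might hold them after
 * parsing; these names are illustrative, not libsndfile's structures. */
struct audio_hdr {
    uint32_t channels;    /* channel count, taken from the file */
    uint32_t bytewidth;   /* bytes per sample, taken from the file */
    uint64_t datalength;  /* size of the sample data in bytes */
};

enum { HDR_OK = 0, HDR_ERR_BAD_FORMAT = -1 };

/* Unchecked form: a file declaring 0 channels or a 0 sample width makes
 * blockwidth 0, and the integer division traps (SIGFPE on x86). */
int frames_unchecked(const struct audio_hdr *h, uint64_t *frames)
{
    uint32_t blockwidth = h->channels * h->bytewidth;
    *frames = h->datalength / blockwidth;
    return HDR_OK;
}

/* Hardened form: validate every file-controlled divisor before dividing and
 * report a format error instead of crashing the calling application. */
int frames_checked(const struct audio_hdr *h, uint64_t *frames)
{
    if (h == NULL || frames == NULL)
        return HDR_ERR_BAD_FORMAT;
    if (h->channels == 0 || h->bytewidth == 0)
        return HDR_ERR_BAD_FORMAT;
    /* channels * bytewidth can wrap to 0 in 32 bits; compute in 64 bits. */
    uint64_t blockwidth = (uint64_t)h->channels * h->bytewidth;
    if (blockwidth > UINT32_MAX)
        return HDR_ERR_BAD_FORMAT;
    *frames = h->datalength / blockwidth;
    return HDR_OK;
}
```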
 
 Packages for 2008.0 and 2009.0 are provided as part of the Extended
 Maintenance Program. Please visit this link to learn more:
 http://store.mandriva.com/product_info.php?cPath=149&products_id=490
 
 The updated packages have been patched to correct this issue.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4835
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2008.0:
 c93c7c7068d000b91eae61a8c09229c9  2008.0/i586/libsndfile1-1.0.18-0.pre20.0.2mdv2008.0.i586.rpm
 76dfe39ea12d4a7dfeadb2ec3a844cc4  2008.0/i586/libsndfile-devel-1.0.18-0.pre20.0.2mdv2008.0.i586.rpm
 acf42bb8cd11016a44cb395ace8e99c1  2008.0/i586/libsndfile-progs-1.0.18-0.pre20.0.2mdv2008.0.i586.rpm
 944dda961426efd66bd5a2546da06f44  2008.0/i586/libsndfile-static-devel-1.0.18-0.pre20.0.2mdv2008.0.i586.rpm 
 f5500769668619ffe40b24db7fc4d3fd  2008.0/SRPMS/libsndfile-1.0.18-0.pre20.0.2mdv2008.0.src.rpm

 Mandriva Linux 2008.0/X86_64:
 7d180d971b3da58cb75361372651f3e3  2008.0/x86_64/lib64sndfile1-1.0.18-0.pre20.0.2mdv2008.0.x86_64.rpm
 21afa308fd9532d4d9e6b3fd81544a7d  2008.0/x86_64/lib64sndfile-devel-1.0.18-0.pre20.0.2mdv2008.0.x86_64.rpm
 0b3ceb2670f62127f92884b3f5c2e134  2008.0/x86_64/lib64sndfile-static-devel-1.0.18-0.pre20.0.2mdv2008.0.x86_64.rpm
 c7bbba6a5f2b6d3540fb6b22400f5897  2008.0/x86_64/libsndfile-progs-1.0.18-0.pre20.0.2mdv2008.0.x86_64.rpm 
 f5500769668619ffe40b24db7fc4d3fd  2008.0/SRPMS/libsndfile-1.0.18-0.pre20.0.2mdv2008.0.src.rpm

 Mandriva Linux 2009.0:
 56645881aeec875d661a072abe86c48b  2009.0/i586/libsndfile1-1.0.18-2.pre22.1.3mdv2009.0.i586.rpm
 08be4bc8a20fd892d43eddd352d2e5e5  2009.0/i586/libsndfile-devel-1.0.18-2.pre22.1.3mdv2009.0.i586.rpm
 c11393e67f6527e6ff6e4003cef263ec  2009.0/i586/libsndfile-progs-1.0.18-2.pre22.1.3mdv2009.0.i586.rpm
 3621901a1665cab19f5edcf276f49982  2009.0/i586/libsndfile-static-devel-1.0.18-2.pre22.1.3mdv2009.0.i586.rpm 
 76b4d09a0602f488c38eca666dd7e28b  2009.0/SRPMS/libsndfile-1.0.18-2.pre22.1.3mdv2009.0.src.rpm

 Mandriva Linux 2009.0/X86_64:
 fc887d2f087fb70702294dba17722575  2009.0/x86_64/lib64sndfile1-1.0.18-2.pre22.1.3mdv2009.0.x86_64.rpm
 6baee87b88f90e245f272e8408e13b52  2009.0/x86_64/lib64sndfile-devel-1.0.18-2.pre22.1.3mdv2009.0.x86_64.rpm
 f8e665f9d1d193b0d8370873d7835579  2009.0/x86_64/lib64sndfile-static-devel-1.0.18-2.pre22.1.3mdv2009.0.x86_64.rpm
 e6a01db2f7248dabc8284b786bb041d9  2009.0/x86_64/libsndfile-progs-1.0.18-2.pre22.1.3mdv2009.0.x86_64.rpm 
 76b4d09a0602f488c38eca666dd7e28b  2009.0/SRPMS/libsndfile-1.0.18-2.pre22.1.3mdv2009.0.src.rpm

 Mandriva Linux 2009.1:
 ec8b2916fa28d7248d84d37211b3414e  2009.1/i586/libsndfile1-1.0.19-1.2mdv2009.1.i586.rpm
 b505744ecf8dc0aea55b15136314cb59  2009.1/i586/libsndfile-devel-1.0.19-1.2mdv2009.1.i586.rpm
 da9d2c8885a8f8e376209b658065bd1f  2009.1/i586/libsndfile-progs-1.0.19-1.2mdv2009.1.i586.rpm
 8fa4827a35d0b33f0c7c22ceb088335f  2009.1/i586/libsndfile-static-devel-1.0.19-1.2mdv2009.1.i586.rpm 
 e22990103ad877308ba7c037c0e04ba5  2009.1/SRPMS/libsndfile-1.0.19-1.2mdv2009.1.src.rpm

 Mandriva Linux 2009.1/X86_64:
 24a7f6e860fd6490befaa82ce1c61b80  2009.1/x86_64/lib64sndfile1-1.0.19-1.2mdv2009.1.x86_64.rpm
 f5d77b1c1f83f546b6941c68acd29e4b  2009.1/x86_64/lib64sndfile-devel-1.0.19-1.2mdv2009.1.x86_64.rpm
 7b3d9f592ce56fb286847e20bdcb7160  2009.1/x86_64/lib64sndfile-static-devel-1.0.19-1.2mdv2009.1.x86_64.rpm
 3b48c5088456b87d8ece99a3000a90ff  2009.1/x86_64/libsndfile-progs-1.0.19-1.2mdv2009.1.x86_64.rpm 
 e22990103ad877308ba7c037c0e04ba5  2009.1/SRPMS/libsndfile-1.0.19-1.2mdv2009.1.src.rpm

 Mandriva Linux 2010.0:
 e4487bf36980b6f5d816d8e952204a59  2010.0/i586/libsndfile1-1.0.20-4.2mdv2010.0.i586.rpm
 b7be27c71f023054b16ecb4acd8e4273  2010.0/i586/libsndfile-devel-1.0.20-4.2mdv2010.0.i586.rpm
 238e99e278c704ebcf498f72f1413fac  2010.0/i586/libsndfile-progs-1.0.20-4.2mdv2010.0.i586.rpm
 6c165c55ce51484e8e032e2d573e21a5  2010.0/i586/libsndfile-static-devel-1.0.20-4.2mdv2010.0.i586.rpm 
 67ceb70c109f022fa1d78c62d6565062  2010.0/SRPMS/libsndfile-1.0.20-4.2mdv2010.0.src.rpm

 Mandriva Linux 2010.0/X86_64:
 89e5aa298807cb03527865ef9d33f3e2  2010.0/x86_64/lib64sndfile1-1.0.20-4.2mdv2010.0.x86_64.rpm
 db24021666e8f09882089977f079cb29  2010.0/x86_64/lib64sndfile-devel-1.0.20-4.2mdv2010.0.x86_64.rpm
 d42de597d70171cc2088e63cedead400  2010.0/x86_64/lib64sndfile-static-devel-1.0.20-4.2mdv2010.0.x86_64.rpm
 09914c069e9a80d87aebd0b54f0509e7  2010.0/x86_64/libsndfile-progs-1.0.20-4.2mdv2010.0.x86_64.rpm 
 67ceb70c109f022fa1d78c62d6565062  2010.0/SRPMS/libsndfile-1.0.20-4.2mdv2010.0.src.rpm

 Corporate 4.0:
 bfe3861366791b73d04442bfaf3bb299  corporate/4.0/i586/libsndfile1-1.0.11-1.2.20060mlcs4.i586.rpm
 766afa1f2e9b1c5ddaaa87396e47eea5  corporate/4.0/i586/libsndfile1-devel-1.0.11-1.2.20060mlcs4.i586.rpm
 dc44890f00939116eb1dd49b8a39629b  corporate/4.0/i586/libsndfile1-static-devel-1.0.11-1.2.20060mlcs4.i586.rpm
 897269d1d95a3366e8d0aabaf73eaedb  corporate/4.0/i586/libsndfile-progs-1.0.11-1.2.20060mlcs4.i586.rpm 
 1e98b4c0787cf32285f2997aa0373123  corporate/4.0/SRPMS/libsndfile-1.0.11-1.2.20060mlcs4.src.rpm

 Corporate 4.0/X86_64:
 3a2d9401bee2ff5bac422096fb8eda0e  corporate/4.0/x86_64/lib64sndfile1-1.0.11-1.2.20060mlcs4.x86_64.rpm
 5fbb7cd92538e1f407d9aefe3e4cc668  corporate/4.0/x86_64/lib64sndfile1-devel-1.0.11-1.2.20060mlcs4.x86_64.rpm
 21669c84457981cdff0f0be56680d37d  corporate/4.0/x86_64/lib64sndfile1-static-devel-1.0.11-1.2.20060mlcs4.x86_64.rpm
 7ba9b23784dbfa1ddaed83b8eb6c4863  corporate/4.0/x86_64/libsndfile-progs-1.0.11-1.2.20060mlcs4.x86_64.rpm 
 1e98b4c0787cf32285f2997aa0373123  corporate/4.0/SRPMS/libsndfile-1.0.11-1.2.20060mlcs4.src.rpm

 Mandriva Enterprise Server 5:
 929b5b97e3bdc675bd666f7e1ed4a60b  mes5/i586/libsndfile1-1.0.18-2.pre22.1.3mdvmes5.1.i586.rpm
 e61a30e23d0545bb8d394752bd1d190b  mes5/i586/libsndfile-devel-1.0.18-2.pre22.1.3mdvmes5.1.i586.rpm
 e8ea7611cafba70eac91c906398c5c38  mes5/i586/libsndfile-progs-1.0.18-2.pre22.1.3mdvmes5.1.i586.rpm
 5d059ce533df68af64e2210451fa216b  mes5/i586/libsndfile-static-devel-1.0.18-2.pre22.1.3mdvmes5.1.i586.rpm 
 a448b801cd00084c0f4885d83151f955  mes5/SRPMS/libsndfile-1.0.18-2.pre22.1.3mdvmes5.1.src.rpm

 Mandriva Enterprise Server 5/X86_64:
 b4e951fcfe36471ad9436946a666fb41  mes5/x86_64/lib64sndfile1-1.0.18-2.pre22.1.3mdvmes5.1.x86_64.rpm
 7e2d2be2dfcc45f208bd8cf45044840a  mes5/x86_64/lib64sndfile-devel-1.0.18-2.pre22.1.3mdvmes5.1.x86_64.rpm
 e6a17ad85bbc310829f397d356141907  mes5/x86_64/lib64sndfile-static-devel-1.0.18-2.pre22.1.3mdvmes5.1.x86_64.rpm
 9df33998c6f1e98bfd332017d63bf7f4  mes5/x86_64/libsndfile-progs-1.0.18-2.pre22.1.3mdvmes5.1.x86_64.rpm 
 a448b801cd00084c0f4885d83151f955  mes5/SRPMS/libsndfile-1.0.18-2.pre22.1.3mdvmes5.1.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFMZp/6mqjQ0CJFipgRAjnSAKCHTDHadN251FTgvIRl3M1oKhwr9QCgmvG2
gM2hiAd4TnytIP50VIUzIvc=
=f6dB
-----END PGP SIGNATURE-----
