To: [email protected]Subject: [ MDVSA-2008:238 ] libsamplerate
Date: Thu, 04 Dec 2008 18:34:00 -0700
From: [email protected]
Reply-To: <xsecurity@mandriva.com.>
Message-Id: <E1L8PZx-0001US-3J@titan.mandriva.com.>
X-Virus-Scanned: antivirus-gw at tyumen.ru
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2008:238
http://www.mandriva.com/security/
_______________________________________________________________________
Package : libsamplerate
Date : December 4, 2008
Affected: 2008.0, 2008.1, Corporate 3.0, Corporate 4.0
_______________________________________________________________________
Problem Description:
A buffer overflow was found by Russell O'Conner in the libsamplerate
library versions prior to 0.1.4 that could possibly lead to the
execution of arbitrary code via a specially crafted audio file
(CVE-2008-5008).
The updated packages have been patched to prevent this issue.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5008
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2008.0:
9a9cc1fbac25741ad38e914c98d90826 2008.0/i586/libsamplerate0-0.1.3-0.pre6.3.1mdv2008.0.i586.rpm
294117b4e81f6d38553faf47b0d0b561 2008.0/i586/libsamplerate-devel-0.1.3-0.pre6.3.1mdv2008.0.i586.rpm
695ab47e44749f3f0a6df321992f6064 2008.0/i586/libsamplerate-progs-0.1.3-0.pre6.3.1mdv2008.0.i586.rpm
4068b67bd67786501ddc388824763a19 2008.0/SRPMS/libsamplerate-0.1.3-0.pre6.3.1mdv2008.0.src.rpm
Mandriva Linux 2008.0/X86_64:
24a792941fa5fbff89764b724923a616 2008.0/x86_64/lib64samplerate0-0.1.3-0.pre6.3.1mdv2008.0.x86_64.rpm
c1ac9d056ca38c36658158fec3ee3f31 2008.0/x86_64/lib64samplerate-devel-0.1.3-0.pre6.3.1mdv2008.0.x86_64.rpm
dcdffc679e6af71864d8cdb78e335df8 2008.0/x86_64/libsamplerate-progs-0.1.3-0.pre6.3.1mdv2008.0.x86_64.rpm
4068b67bd67786501ddc388824763a19 2008.0/SRPMS/libsamplerate-0.1.3-0.pre6.3.1mdv2008.0.src.rpm
Mandriva Linux 2008.1:
f44c5b4f55bbe4ad946f46456dce4745 2008.1/i586/libsamplerate0-0.1.3-0.pre6.3.1mdv2008.1.i586.rpm
18a7016e5da1f0f37c3cde4222703f87 2008.1/i586/libsamplerate-devel-0.1.3-0.pre6.3.1mdv2008.1.i586.rpm
6064159a6a594c006d16c42d29cfd240 2008.1/i586/libsamplerate-progs-0.1.3-0.pre6.3.1mdv2008.1.i586.rpm
32697b41d7fd390e91b4d4dbeacc0db2 2008.1/SRPMS/libsamplerate-0.1.3-0.pre6.3.1mdv2008.1.src.rpm
Mandriva Linux 2008.1/X86_64:
6497eadf29decebda33422f431a83d45 2008.1/x86_64/lib64samplerate0-0.1.3-0.pre6.3.1mdv2008.1.x86_64.rpm
2df7b9d3f1656f728667e68569cfc8af 2008.1/x86_64/lib64samplerate-devel-0.1.3-0.pre6.3.1mdv2008.1.x86_64.rpm
b9c0276018ac620bbcd68f998b4daeac 2008.1/x86_64/libsamplerate-progs-0.1.3-0.pre6.3.1mdv2008.1.x86_64.rpm
32697b41d7fd390e91b4d4dbeacc0db2 2008.1/SRPMS/libsamplerate-0.1.3-0.pre6.3.1mdv2008.1.src.rpm
Corporate 3.0:
91ef6d6952ac4d845f4ed16b74117d8d corporate/3.0/i586/libsamplerate0-0.0.15-2.1.C30mdk.i586.rpm
7d1aef25a43863e4a7d89fd559312b29 corporate/3.0/i586/libsamplerate0-devel-0.0.15-2.1.C30mdk.i586.rpm
e3d9b6a0c2d32d36bd55b3d2b9ff8fa7 corporate/3.0/i586/libsamplerate-progs-0.0.15-2.1.C30mdk.i586.rpm
67cdb6d349097d08925e2c4cb86d1fe6 corporate/3.0/SRPMS/libsamplerate-0.0.15-2.1.C30mdk.src.rpm
Corporate 3.0/X86_64:
3efec8fbd1ea1fd00f9eea336afd5798 corporate/3.0/x86_64/lib64samplerate0-0.0.15-2.1.C30mdk.x86_64.rpm
5783d23a1019bed054e713b94c5ad989 corporate/3.0/x86_64/lib64samplerate0-devel-0.0.15-2.1.C30mdk.x86_64.rpm
f970ddd128def98252bc4090f576f4ec corporate/3.0/x86_64/libsamplerate-progs-0.0.15-2.1.C30mdk.x86_64.rpm
67cdb6d349097d08925e2c4cb86d1fe6 corporate/3.0/SRPMS/libsamplerate-0.0.15-2.1.C30mdk.src.rpm
Corporate 4.0:
0a2d27263f81d8304028bccadb5142af corporate/4.0/i586/libsamplerate0-0.1.2-1.1.20060mlcs4.i586.rpm
7d3dddddbad29db356b97dc77f720c0a corporate/4.0/i586/libsamplerate0-devel-0.1.2-1.1.20060mlcs4.i586.rpm
9b2bc33430ac70a2c24eab9f2afee0c2 corporate/4.0/i586/libsamplerate-progs-0.1.2-1.1.20060mlcs4.i586.rpm
83cdd1d3349f1017c4c92cb6ee0fb636 corporate/4.0/SRPMS/libsamplerate-0.1.2-1.1.20060mlcs4.src.rpm
Corporate 4.0/X86_64:
ffbc6a9d6d3403a52ca5cbe3c4a3495d corporate/4.0/x86_64/lib64samplerate0-0.1.2-1.1.20060mlcs4.x86_64.rpm
991dd38ed664577613f6a55da77eaa29 corporate/4.0/x86_64/lib64samplerate0-devel-0.1.2-1.1.20060mlcs4.x86_64.rpm
92d88adbf9d580a772b702f33cf8d027 corporate/4.0/x86_64/libsamplerate-progs-0.1.2-1.1.20060mlcs4.x86_64.rpm
83cdd1d3349f1017c4c92cb6ee0fb636 corporate/4.0/SRPMS/libsamplerate-0.1.2-1.1.20060mlcs4.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFJOFc0mqjQ0CJFipgRAjweAKDVUt2pCqRSgKnXlJI0gJoSgbuXBACeMk6+
SxoIyNyLtbDX6XnTUTazqts=
=Kbrk
-----END PGP SIGNATURE-----