To: [email protected]Subject: [ MDVSA-2009:067 ] libsndfile
Date: Fri, 06 Mar 2009 00:36:00 +0100
From: [email protected]
Reply-To: <xsecurity@mandriva.com.>
Message-Id: <E1LfN6e-0006d4-U8@titan.mandriva.com.>
X-Virus-Scanned: antivirus-gw at tyumen.ru
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2009:067
http://www.mandriva.com/security/
_______________________________________________________________________
Package : libsndfile
Date : March 5, 2009
Affected: 2008.0, 2008.1, 2009.0
_______________________________________________________________________
Problem Description:
Crafted data - channels per frame value - in CAF files enables remote
attackers to execute arbitrary code or denial of service via a possible
integer overflow, leading to a possible heap overflow (CVE-2009-0186).
This update provides fix for that vulnerability.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0186
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2008.0:
636fcca6743199107f94bd6382691f56 2008.0/i586/libsndfile1-1.0.18-0.pre11.7.1mdv2008.0.i586.rpm
c91b66214eb4a4415404e72012b7f13b 2008.0/i586/libsndfile-devel-1.0.18-0.pre11.7.1mdv2008.0.i586.rpm
8c16b58d2e274cbf867663953a07535f 2008.0/i586/libsndfile-progs-1.0.18-0.pre11.7.1mdv2008.0.i586.rpm
3cb4bebc4efac11173bb0a11fd033b10 2008.0/i586/libsndfile-static-devel-1.0.18-0.pre11.7.1mdv2008.0.i586.rpm
ec9d40e701e741340d3be115b8a0b7bc 2008.0/SRPMS/libsndfile-1.0.18-0.pre11.7.1mdv2008.0.src.rpm
Mandriva Linux 2008.0/X86_64:
0774a521cb9f0e5c228f9468fe2c85f0 2008.0/x86_64/lib64sndfile1-1.0.18-0.pre11.7.1mdv2008.0.x86_64.rpm
32c2ff134e872aaa280c37a7d1dc1f01 2008.0/x86_64/lib64sndfile-devel-1.0.18-0.pre11.7.1mdv2008.0.x86_64.rpm
de03d216159ff4c7001f56593c53935e 2008.0/x86_64/lib64sndfile-static-devel-1.0.18-0.pre11.7.1mdv2008.0.x86_64.rpm
fc70ac7f2a15f046a9fa8b1464f673c2 2008.0/x86_64/libsndfile-progs-1.0.18-0.pre11.7.1mdv2008.0.x86_64.rpm
ec9d40e701e741340d3be115b8a0b7bc 2008.0/SRPMS/libsndfile-1.0.18-0.pre11.7.1mdv2008.0.src.rpm
Mandriva Linux 2008.1:
22c5d13d816c87fbc5d454e47d801508 2008.1/i586/libsndfile1-1.0.18-1.pre20.1.1mdv2008.1.i586.rpm
7c8ebc8ac747b3d3d37eab9c75a2e035 2008.1/i586/libsndfile-devel-1.0.18-1.pre20.1.1mdv2008.1.i586.rpm
a293119cea21293a88f83f8c54fb9dba 2008.1/i586/libsndfile-progs-1.0.18-1.pre20.1.1mdv2008.1.i586.rpm
0b92ade91efdffde568e6e36eb7c0eca 2008.1/i586/libsndfile-static-devel-1.0.18-1.pre20.1.1mdv2008.1.i586.rpm
118dac159755622e790e779d3346074d 2008.1/SRPMS/libsndfile-1.0.18-1.pre20.1.1mdv2008.1.src.rpm
Mandriva Linux 2008.1/X86_64:
c6c3addab06b0fcfe83097ed340d92ba 2008.1/x86_64/lib64sndfile1-1.0.18-1.pre20.1.1mdv2008.1.x86_64.rpm
7c9fdab0b5b3315a0a395be98c61dedb 2008.1/x86_64/lib64sndfile-devel-1.0.18-1.pre20.1.1mdv2008.1.x86_64.rpm
0b6155a33e3d716b30d4c01d69581eed 2008.1/x86_64/lib64sndfile-static-devel-1.0.18-1.pre20.1.1mdv2008.1.x86_64.rpm
529ce9ed36fbfd62a2eba0de9690f156 2008.1/x86_64/libsndfile-progs-1.0.18-1.pre20.1.1mdv2008.1.x86_64.rpm
118dac159755622e790e779d3346074d 2008.1/SRPMS/libsndfile-1.0.18-1.pre20.1.1mdv2008.1.src.rpm
Mandriva Linux 2009.0:
586e9952ee27348e3dd0de6b40d5f1a7 2009.0/i586/libsndfile1-1.0.18-2.pre22.1.1mdv2009.0.i586.rpm
c2706ace6fb506e83f453bf156094fbd 2009.0/i586/libsndfile-devel-1.0.18-2.pre22.1.1mdv2009.0.i586.rpm
1afd350af724ed149bb2b6aa727880a3 2009.0/i586/libsndfile-progs-1.0.18-2.pre22.1.1mdv2009.0.i586.rpm
b01507410bb4405ce087a6ab1be5a120 2009.0/i586/libsndfile-static-devel-1.0.18-2.pre22.1.1mdv2009.0.i586.rpm
ee9f191461d5343b544ec4c9d4666b66 2009.0/SRPMS/libsndfile-1.0.18-2.pre22.1.1mdv2009.0.src.rpm
Mandriva Linux 2009.0/X86_64:
fcf87d888a6ea0f07db8e624ba128cca 2009.0/x86_64/lib64sndfile1-1.0.18-2.pre22.1.1mdv2009.0.x86_64.rpm
80cfcf0f5bff9078bfaebba87ff714a5 2009.0/x86_64/lib64sndfile-devel-1.0.18-2.pre22.1.1mdv2009.0.x86_64.rpm
0141e8a20584289ffd1178efd87ba335 2009.0/x86_64/lib64sndfile-static-devel-1.0.18-2.pre22.1.1mdv2009.0.x86_64.rpm
1ce04938d46615cd65b9a1a8831b5bf4 2009.0/x86_64/libsndfile-progs-1.0.18-2.pre22.1.1mdv2009.0.x86_64.rpm
ee9f191461d5343b544ec4c9d4666b66 2009.0/SRPMS/libsndfile-1.0.18-2.pre22.1.1mdv2009.0.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFJsDU9mqjQ0CJFipgRAnBGAKCmRfeLxpJnkEP3V74EMzSCJMeL8ACgpJvp
WCO/J+GpreCEX9qKKAU3VNo=
=P8Nj
-----END PGP SIGNATURE-----